last executing test programs: 2m18.581404272s ago: executing program 2 (id=201): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x54, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_TC={0x5, 0x4, 0x7}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x20040054) 2m17.774445657s ago: executing program 2 (id=202): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x5c, r4, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @remote}}]}, 0x5c}}, 0x0) 2m16.796927932s ago: executing program 2 (id=207): r0 = socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$cgroup(0x0, &(0x7f0000000600)='.\x00', &(0x7f0000000640), 0x2208010, 0x0) lseek(0xffffffffffffffff, 0x10000000005, 0x1) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3}) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x0) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) write$sequencer(r5, 0x0, 0x10) 2m11.092455627s ago: executing program 2 (id=225): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x8) 2m10.945846266s ago: executing program 2 (id=227): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000ac0), 0x1, 0xa10, &(0x7f0000001540)="$eJzs3U2MG1cdAPBn73rTfJQ4JaFLGtqEQls+uttslvARQVM1F6Km6q1SxSVK0xKRBkQqQasekpy40aoKVz7EqZcKEBK9oKgnLpVoJC49FQ4ciIJUiQMUkkXrfc/r/cfW2Jvser3+/aTZ55n/s98b73g8npn3XgLGVr31d35+upbS5XfePPaPh/6+dXHJ4+0czdbfyY65Rkqplucnw+t9OLGU3vjotVPd0lqaa/0t8+np6+3nbk8pXUj705XUTHsvX33jvbmnTlw8funA+28dubY2aw8AAOPlmStH5vf89c/37fr47fuPpi3t5eX4vJnnd+Tj/qP5wL8c/9fTyvlax9RpKuSbzFM95Jvokq+znEbIN9mj/Knwuo0e+bZUlD/RsazbesMoK9txM9XqMyvm6/WZmaXf5Kn1u36qNnPuzNkXzg+posAd968HUkr7TSbTOE4LO4e9BwJYEq8X3uJCPLNwe9qvNtlf+defqHd/PtwB6739K3+0yv/1RXsc7pzNujWV9Sqfox15Pl5HiPcvDfr5L68Xr0c0+qxnr+sIo3J9oVc9J9a5HqvVq/5xu9isvpnT8j58K8Q7Pz/xfzoq/2Ogu387/28yje20MOwdELBhxfvmFrISj/f1xfiWivhdFfGtFfFtFfHtFXEYZ797+afp9dry7/z4m37Q82HlPNvdOf3EgPWJ5yMHLT/e9zuo2y0/3k8MG9kfTj57+mvPP3d16f7/2uL237rl/2be3vfnfM382bqSN/dyvjCeV1++9/+ZFeXUe+S7J9Tn7i75W493r8xX2738OqljP3NLPaZXPm9nr3z7VuZrhnxb83RXqG88PtkWnleOP8p+tbxfk2F9G2E9pkI9yn5lV05jPWA1yvbY6/7/sn1Op0bthTNnTz+W58t2+qeJxpbF5QfXud7A7eu3/c90Wtn+Z0d7eaPeuV/Yuby81rlfaIblcz2WH8rz5XvuuxNbW8tnTn3/7PN3euVhzJ1/5dXvnTx79vQPPfDAAw/aD4a9ZwLW2uzLL/1g9vwrrz565qWTL55+8fS5Q4cPH5qbO/z1Q/OzreP62c6je2AzWf7SH3ZNAAAAAAAAAAAAgH796Pixq39596sfLLX/X27/V9r/lzt/S/v/n4T2/7GdfGkHX9oB7uoSb+UJHaxOhXyNPH0y1Hd3KGdPeN6nctoexy+3/y/FxX5dS33uDctj/70lX+hO4Jb+UqZCHyRxvMDP5vRSTn+VYIhqW7svzmlV/9ZlWy/9U+iXYjSV/1vZGko/JqX9d69+ncr+f9c61JE7bz2aEw57HYHu/qn/b5NpbKeFBaN4ABvDsMf/LOc9S3ruj9++a3Eq2a4/sXJ/Gfsvhdux0cefVP7mGv+zPf5d3/u/MGJec3Xl/ufn1z7oKDbt7bf8uP6lH+jdg5X/cS6/rM3Dqb/yF34Zyo8XhPr031D+tj7Lv2X9962u/P/l8svb9siD/Za/VONafWU94nnjcv0vnjcuboT1L317Drz+qxyo8WYuH8bZqIwzO6hRGf+3l3gfxlfyfNkRlvsc4ngng9a/3F9Rvgf2hNevVXy/bfbxfy+uY12G4Rs5rfo8lPF/y/bY7DJf75hvdHlvN+u+BkbVh67/mUxjOy0sLKztCa0KQy2cob//w/6dMOzyh/3+V4nj/8Zj+Dj+b4zH8X9jPI7/G+NxfL0Yj+P/xvczjv8b4/eG143jA09XxD9dEd9bEb+vIr6vIv6ZiviBivj9FfEHKuL3VMQfrIh/riL++Yr4QxXxRyriX6iIb3alPcq4rj+Ms9g+z+cfxke5/tPr87+7Ig6Mrp+9ffDJ5377neZS+/+p9vmQch3vaJ7fn387/zjPx+veqWN+MfZunv9biG/08x0wTmL/GfH7/eGKODC6yn1ePt8whmrde+zpt9+qXsf5jJYv5vRLOf1yTh/N6UxOZ3N6MKdz61Q/1saTv/n9kddry7/3d4Z4v/eTx/ZAsZ+oQ33WJ54fGPR+9tiP36But/xVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmnrr7/z8dC2ly++8eezZE2dmF5c83s7RbP2d7JhrtJ+X0mM5ncjpL/KDGx+9dqozvZnTWppLtVRrL09PX2+XtD2ldCHtT1dSM+29fPWN9+aeOnHx+KUD77915NravQMAAACw+f0/AAD//8MLDok=") syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000080)={{0x4, 0x6, 0x8, 0xa, 'syz0\x00', 0x75f}, 0x1, [0x0, 0x5, 0x7, 0x8000, 0x9, 0x8, 0x7fb, 0xfe, 0x5, 0x47f1, 0x2, 0x8, 0x5, 0x7, 0x1, 0x8, 0x0, 0x8000000000000001, 0x81, 0x1, 0x8000000000000000, 0xfff, 0x8, 0x1, 0xbddb, 0xb74, 0xe, 0x14, 0x567, 0x9, 0x0, 0x5, 0xcc, 0x81, 0xea, 0x80000000, 0x8687, 0x0, 0x3, 0x2e, 0x1, 0xab91, 0x2d5, 0xacc5f34, 0x8e, 0x6, 0x800, 0x0, 0x5, 0x2, 0x5, 0x3, 0x3, 0x100000000, 0x9a, 0x9, 0x0, 0x8, 0x2, 0x7, 0x1, 0x8, 0xfffffffffffffff2, 0x5, 0x1, 0x0, 0x7fffffff, 0xc, 0x7, 0xb, 0xfffffffffffffffd, 0x2, 0xcb5c, 0x2, 0x2, 0x8, 0x1, 0x80, 0xb1, 0x5, 0x26, 0x3, 0x8, 0x9, 0x1, 0xffffffffffffffff, 0x8, 0xffffffff, 0x9, 0x1, 0x2, 0xa9, 0x1, 0xffffffffffffffff, 0x9, 0x5, 0x4, 0x0, 0x8, 0x12b, 0x10001, 0x1, 0x6, 0x9, 0x9, 0x9, 0x80000000, 0x2, 0x3, 0xfffffffffffffffb, 0x271a, 0x0, 0x5, 0xff, 0x7, 0x4000000000000008, 0xa, 0x33, 0x2, 0x1bde, 0xfff, 0x3, 0x38000000000, 0xfffffffffffffe2d, 0x1, 0x5, 0x66fd]}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x9003000000000000, 0x40, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 2m10.349278633s ago: executing program 2 (id=232): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x2, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x20000, 0x57, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfeffffff}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x13, &(0x7f0000001bc0), 0x2) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file2\x00', 0x200, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 2m10.074229039s ago: executing program 32 (id=232): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x2, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x20000, 0x57, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfeffffff}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) io_uring_register$IORING_REGISTER_RING_FDS(0xffffffffffffffff, 0x13, &(0x7f0000001bc0), 0x2) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file2\x00', 0x200, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 44.588041795s ago: executing program 4 (id=612): getpid() open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = syz_open_dev$sg(0x0, 0x0, 0x8002) fcntl$dupfd(r1, 0x0, r1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x4, 0xfffb}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x80) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r4, {0xc, 0x8}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) 43.991438171s ago: executing program 4 (id=617): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x15, 0x0, &(0x7f0000000340)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x21, 0x5, 0x6, 0x2, 0x0, 0xffffffffffffffff, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x4}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x50) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r3, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e25, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty, @multicast1}}}], 0x20, 0x3f}}], 0x1, 0xc0) 43.190062845s ago: executing program 4 (id=619): syz_emit_ethernet(0xda, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r2, &(0x7f0000000580)='1\x00', 0x2) write$sysctl(r2, &(0x7f00000000c0)='2\x00', 0x2) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000740)=[@cswp={0x58, 0x114, 0x7, {{0x5}, &(0x7f00000003c0)=0xdf, 0x0, 0x55, 0x5, 0x81, 0x8, 0x30, 0x2}}], 0x58}, 0x0) syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00') 42.180494265s ago: executing program 4 (id=623): syz_mount_image$ext4(&(0x7f0000002580)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x200004, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@nobarrier}]}, 0x2, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./bus\x00') mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0) 40.755401848s ago: executing program 4 (id=630): bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x50) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x4800) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r1, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) fcntl$lock(r1, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) fcntl$lock(r1, 0x26, &(0x7f0000000240)={0x1, 0x2, 0x809, 0x34ef}) close_range(r0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48) 40.176899253s ago: executing program 4 (id=636): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000010028bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="317a040094980000140003006e657464657673696d30000000000000300016802c00018028000100000000df"], 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x80) 40.012438434s ago: executing program 33 (id=636): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000001000010028bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="317a040094980000140003006e657464657673696d30000000000000300016802c00018028000100000000df"], 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x80) 8.240054148s ago: executing program 1 (id=773): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r3 = socket(0x22, 0x2, 0x24) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) close(r3) syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==") 6.966045542s ago: executing program 1 (id=777): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') readlinkat(r1, &(0x7f0000000380)='./mnt\x00', &(0x7f0000000080)=""/13, 0xd) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x32b, @tick=0x440, 0xff, {}, 0x0, 0x0, 0xfb}) 5.90089094s ago: executing program 1 (id=780): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000ac0), 0x1, 0xa10, &(0x7f0000001540)="$eJzs3U2MG1cdAPBn73rTfJQ4JaFLGtqEQls+uttslvARQVM1F6Km6q1SxSVK0xKRBkQqQasekpy40aoKVz7EqZcKEBK9oKgnLpVoJC49FQ4ciIJUiQMUkkXrfc/r/cfW2Jvser3+/aTZ55n/s98b73g8npn3XgLGVr31d35+upbS5XfePPaPh/6+dXHJ4+0czdbfyY65Rkqplucnw+t9OLGU3vjotVPd0lqaa/0t8+np6+3nbk8pXUj705XUTHsvX33jvbmnTlw8funA+28dubY2aw8AAOPlmStH5vf89c/37fr47fuPpi3t5eX4vJnnd+Tj/qP5wL8c/9fTyvlax9RpKuSbzFM95Jvokq+znEbIN9mj/Knwuo0e+bZUlD/RsazbesMoK9txM9XqMyvm6/WZmaXf5Kn1u36qNnPuzNkXzg+posAd968HUkr7TSbTOE4LO4e9BwJYEq8X3uJCPLNwe9qvNtlf+defqHd/PtwB6739K3+0yv/1RXsc7pzNujWV9Sqfox15Pl5HiPcvDfr5L68Xr0c0+qxnr+sIo3J9oVc9J9a5HqvVq/5xu9isvpnT8j58K8Q7Pz/xfzoq/2Ogu387/28yje20MOwdELBhxfvmFrISj/f1xfiWivhdFfGtFfFtFfHtFXEYZ797+afp9dry7/z4m37Q82HlPNvdOf3EgPWJ5yMHLT/e9zuo2y0/3k8MG9kfTj57+mvPP3d16f7/2uL237rl/2be3vfnfM382bqSN/dyvjCeV1++9/+ZFeXUe+S7J9Tn7i75W493r8xX2738OqljP3NLPaZXPm9nr3z7VuZrhnxb83RXqG88PtkWnleOP8p+tbxfk2F9G2E9pkI9yn5lV05jPWA1yvbY6/7/sn1Op0bthTNnTz+W58t2+qeJxpbF5QfXud7A7eu3/c90Wtn+Z0d7eaPeuV/Yuby81rlfaIblcz2WH8rz5XvuuxNbW8tnTn3/7PN3euVhzJ1/5dXvnTx79vQPPfDAAw/aD4a9ZwLW2uzLL/1g9vwrrz565qWTL55+8fS5Q4cPH5qbO/z1Q/OzreP62c6je2AzWf7SH3ZNAAAAAAAAAAAAgH796Pixq39596sfLLX/X27/V9r/lzt/S/v/n4T2/7GdfGkHX9oB7uoSb+UJHaxOhXyNPH0y1Hd3KGdPeN6nctoexy+3/y/FxX5dS33uDctj/70lX+hO4Jb+UqZCHyRxvMDP5vRSTn+VYIhqW7svzmlV/9ZlWy/9U+iXYjSV/1vZGko/JqX9d69+ncr+f9c61JE7bz2aEw57HYHu/qn/b5NpbKeFBaN4ABvDsMf/LOc9S3ruj9++a3Eq2a4/sXJ/Gfsvhdux0cefVP7mGv+zPf5d3/u/MGJec3Xl/ufn1z7oKDbt7bf8uP6lH+jdg5X/cS6/rM3Dqb/yF34Zyo8XhPr031D+tj7Lv2X9962u/P/l8svb9siD/Za/VONafWU94nnjcv0vnjcuboT1L317Drz+qxyo8WYuH8bZqIwzO6hRGf+3l3gfxlfyfNkRlvsc4ngng9a/3F9Rvgf2hNevVXy/bfbxfy+uY12G4Rs5rfo8lPF/y/bY7DJf75hvdHlvN+u+BkbVh67/mUxjOy0sLKztCa0KQy2cob//w/6dMOzyh/3+V4nj/8Zj+Dj+b4zH8X9jPI7/G+NxfL0Yj+P/xvczjv8b4/eG143jA09XxD9dEd9bEb+vIr6vIv6ZiviBivj9FfEHKuL3VMQfrIh/riL++Yr4QxXxRyriX6iIb3alPcq4rj+Ms9g+z+cfxke5/tPr87+7Ig6Mrp+9ffDJ5377neZS+/+p9vmQch3vaJ7fn387/zjPx+veqWN+MfZunv9biG/08x0wTmL/GfH7/eGKODC6yn1ePt8whmrde+zpt9+qXsf5jJYv5vRLOf1yTh/N6UxOZ3N6MKdz61Q/1saTv/n9kddry7/3d4Z4v/eTx/ZAsZ+oQ33WJ54fGPR+9tiP36But/xVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmnrr7/z8dC2ly++8eezZE2dmF5c83s7RbP2d7JhrtJ+X0mM5ncjpL/KDGx+9dqozvZnTWppLtVRrL09PX2+XtD2ldCHtT1dSM+29fPWN9+aeOnHx+KUD77915NravQMAAACw+f0/AAD//8MLDok=") syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000080)={{0x4, 0x6, 0x8, 0xa, 'syz0\x00', 0x75f}, 0x1, [0x0, 0x5, 0x7, 0x8000, 0x9, 0x8, 0x7fb, 0xfe, 0x5, 0x47f1, 0x2, 0x8, 0x5, 0x7, 0x1, 0x8, 0x0, 0x8000000000000001, 0x81, 0x1, 0x8000000000000000, 0xfff, 0x8, 0x1, 0xbddb, 0xb74, 0xe, 0x14, 0x567, 0x9, 0x0, 0x5, 0xcc, 0x81, 0xea, 0x80000000, 0x8687, 0x0, 0x3, 0x2e, 0x1, 0xab91, 0x2d5, 0xacc5f34, 0x8e, 0x6, 0x800, 0x0, 0x5, 0x2, 0x5, 0x3, 0x3, 0x100000000, 0x9a, 0x9, 0x0, 0x8, 0x2, 0x7, 0x1, 0x8, 0xfffffffffffffff2, 0x5, 0x1, 0x0, 0x7fffffff, 0xc, 0x7, 0xb, 0xfffffffffffffffd, 0x2, 0xcb5c, 0x2, 0x2, 0x8, 0x1, 0x80, 0xb1, 0x5, 0x26, 0x3, 0x8, 0x9, 0x1, 0xffffffffffffffff, 0x8, 0xffffffff, 0x9, 0x1, 0x2, 0xa9, 0x1, 0xffffffffffffffff, 0x9, 0x5, 0x4, 0x0, 0x8, 0x12b, 0x10001, 0x1, 0x6, 0x9, 0x9, 0x9, 0x80000000, 0x2, 0x3, 0xfffffffffffffffb, 0x271a, 0x0, 0x5, 0xff, 0x7, 0x4000000000000008, 0xa, 0x33, 0x2, 0x1bde, 0xfff, 0x3, 0x38000000000, 0xfffffffffffffe2d, 0x1, 0x5, 0x66fd]}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x9003000000000000, 0x40, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 5.641923483s ago: executing program 0 (id=783): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xac3, &(0x7f0000002a80)="$eJzs3V2MVFcBAOAzuzsLC1SWCnal2ILVtv50KcuKP0ShgZhISmN8adL4QiitRMTEmqhNE4En32zTYOKTP/GpL001JvbFkD750sSSNCZ9qj74IMG0iQ8VhWmYOWf2zmGGOzMsc3eY70vOnjn3nDvn3Nk7d+7fuScAE2uq+Xd5eaEWwvnXXz78rwf/OXd9yoF2ifnm35lCqh5CqMX0TPZ+70634qvvxxnDC8db6VZcC0vNvykdnrjcnndjCOFM2BkuhPmw/fzFl95cevzo2SPndr31yv5Lt2PZAQBg0nzzwv7lbX//671brrx638Gwrj097Z/HnfiwKe73H4w7/mn/fyp0pmuFUDSblZuJYWqus9x0l3LFeupZuZke9c9m9dd7lFsXbl7/dGFat+WGcZbW4/lQm1rsSE9NLS62jslD87h+trZ4+uSpZ56rqKHAqvvP/SGEnYVw6Fxneq2FA2ugDUOGxhpow1iGg6Or60qjpfJlHlFobK56CwTQks47tK8P5s7kZxZuTfvdZvqr//JjU93nh1Uw6vV/oPpnK64/qP93Z21xWD136tqUlit9jzbFdH4dIb9/qff3L7/S0Tk1vx5R77Odva4jjMv1hV7tnB5xO4bVq/35enGn+mqM0+fwtY7c+zu+P/n/dFz+x0B3H+Tn/wVBWNshdKTrt/JejR736wDk98010vXRKL+vL89fV5K/viR/riR/Q0n+xpJ8mGR/+OHPw4u1lfNd+TH9oOfD03m2u2L8kQHbk++HDFp/ft/voG61/vx+YljL/nTsyRNfevqpi637/2vt9f9aXN/T4cZ8/G5diAXS+cL8vHr7WGK+s56pHuXuztpzV5fyzddbO8vVtq68TyhsZ25ox0LnfJt7ldvRWW4+KzcXw/qsvfn+yYZsvrT/kbar6fOayZa3ni3HbNaOtF3ZEuO8HTCMtD72uv8/rZ8LoV575uSpE4/GdFpP/zJdX3d9+p4Rtxu4df32/1kInf1/NrWn16eK24XNK9Nrre3Ca/H9OqcvtespTC/8qKXfue9MzzXLLx7//qmnV3nZYdI995Pnv3vs1KkTP/DiJi/SXn73Ml9fAy0c8EVaoLXSHi8GfbHzdldR4UYJGIndP23tBDxy8nvHnj3x7InTe/ft27u0tO/Le5d3N/frdxf37ovOVNBaYDWt/OhX3RIAAAAAAAAAAACgXz86cvji22988Z1W//+V/n+p/3+68zf1//9Z1v8/7yef+sGnfoBbuuQ3y2QPWJ3NytVj+GjW3q1ZPduy+T4W4/Y4frH/f6ouf65ras892fR6j2T2OIEbnpcymz2DJB8v8JMxPhfj3waoUG2u++QY3+T51rUPCut6ej5FoQtvw/OBx0f6vzXXhsIjjVL/767PderSX5vxMooei1UvI9Ddvyfq+d/vrSx45W0ReoeZ0db3y8ldJxo999L7HcEGYHVUPf5nOu+Z4tN//sb66yEVu/xY5/Yyf34pDOJvb3em1/r4k7e7/nzcvlHXX/Xyj3r8z/b4d31v/7IR8+aHq/e/v7r0TqHasL3f+vPlT8+B3jpY/Vdi/WlpHgr91d/4TVZ/fkGoT//L6t/QZ/03LP+O4er/f6w/fWwPP9Bv/a0W16Y62zGXLUe6/pefN06uZsufnu15k/q/9Xy35R9yoMZrsX6YZOMyzuygsv2I9k778OP/RmdWd/zfdmOzzVp+H8YXYjptiNN9Dvl4J4O2P91fkX4HtmXvXyv5fTP+73j7SozLvg9p/N+0Ps7Hn/xCuvlZpnS9y2d7p25rYFy9O9T1v/cqv26xtsOl1mHQcPOvr779wgChMT3EfO1x4ipuf6PRqHToX+MOV6vqz7/q44Sq66/68y+Tj/+b78Pn4//m+fn4v3l+Pv5vnj8X/0O98vPxf/PPMx//N8+/J3vffHzghZL8j5fkb++e3z5sv7dk/h0l+Z8oyd/Vzj/QUSLl33fT+VfK9Xr/u0vyHyjJ/1RJ/qdL8h8syX+4kF8cAzrlf6Zk/jtd6o8yqcsPkyzvn+f7D5MjXf/p9f3fWpIPjK9fvLrn0FO///Z8q///bPt8SLqOdzCm6/H46ccxnV/3DoX09bw3YvofWf5aP98BkyR/fkb++/5QST4wvtJ9Xr7fMIFq67tPjnHZc6t67eczXj4b48/F+PMxfiTGizHeHeM9MV4aUfu4PQ699sf9L9ZWjvc3Z/n93k+e9wfqeE5UCGFvn+3Jzw8Mej97/hy/Qd1q/UN2BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjMVPPv8vJCLYTzr798+MmjJ3dfn3KgXWK++XemkKq35wvh0RhPx/jX8cXV9184XoyvxbgWlkIt1NrTwxOX2zVtDCGcCTvDhTAftp+/+NKbS48fPXvk3K63Xtl/6fZ9AgAAAHDn+zAAAP//LlQL6Q==") r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x90000) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x1000, 0x2, 0xbfdffffc}, 0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x4d}, 0x1}) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0) write$P9_RSYMLINK(r1, &(0x7f0000000100)={0x14, 0x11, 0x2, {0x2, 0x0, 0x6}}, 0xffffff30) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NFC_CMD_ENABLE_SE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x71eff8d2059dfe60}, 0xc004) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000040)=""/27, 0x1b, 0x0, 0x1, 0x1}}, 0x48) write$vhost_msg_v2(r0, 0x0, 0x0) write$vhost_msg_v2(r0, 0x0, 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) 4.698896095s ago: executing program 1 (id=786): ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x20048010) sendto(0xffffffffffffffff, &(0x7f00000003c0)="e1118ce476", 0x5, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80) r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$IMADDTIMER(r4, 0x80044940, &(0x7f0000000280)=0x14) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xffffff81, {0x0, 0x0, 0x0, r6, {0xe, 0x3}, {}, {0x9, 0xfff1}}}, 0x24}}, 0x40004) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000140)={0x3, 0x0, 0x98, &(0x7f0000000080)={0x7, 0x2, 0x11}}) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={0x0}, 0x1, 0x0, 0x0, 0x5}, 0x100) 4.441815928s ago: executing program 0 (id=787): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000040)="27031c00160014000000002f1eafacf706e105000000894f0005", 0x1a}, {&(0x7f00000017c0)="44504f81d37c356952483f9244dd24e9721f7301f0dd0efe110d5e42d3", 0x1d}], 0x2}, 0x2404c0d0) 3.654198019s ago: executing program 1 (id=792): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x2}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) statfs(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) statx(0xffffffffffffffff, 0x0, 0x48e0cdf8471afff4, 0x54663aafb2d54055, 0x0) prctl$PR_SVE_SET_VL(0x32, 0x28de8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(0xffffffffffffffff, 0x0, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) 3.444657946s ago: executing program 0 (id=794): creat(&(0x7f0000010280)='./file0\x00', 0x182) mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,') 3.440102027s ago: executing program 0 (id=796): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000ac0), 0x1, 0xa10, &(0x7f0000001540)="$eJzs3U2MG1cdAPBn73rTfJQ4JaFLGtqEQls+uttslvARQVM1F6Km6q1SxSVK0xKRBkQqQasekpy40aoKVz7EqZcKEBK9oKgnLpVoJC49FQ4ciIJUiQMUkkXrfc/r/cfW2Jvser3+/aTZ55n/s98b73g8npn3XgLGVr31d35+upbS5XfePPaPh/6+dXHJ4+0czdbfyY65Rkqplucnw+t9OLGU3vjotVPd0lqaa/0t8+np6+3nbk8pXUj705XUTHsvX33jvbmnTlw8funA+28dubY2aw8AAOPlmStH5vf89c/37fr47fuPpi3t5eX4vJnnd+Tj/qP5wL8c/9fTyvlax9RpKuSbzFM95Jvokq+znEbIN9mj/Knwuo0e+bZUlD/RsazbesMoK9txM9XqMyvm6/WZmaXf5Kn1u36qNnPuzNkXzg+posAd968HUkr7TSbTOE4LO4e9BwJYEq8X3uJCPLNwe9qvNtlf+defqHd/PtwB6739K3+0yv/1RXsc7pzNujWV9Sqfox15Pl5HiPcvDfr5L68Xr0c0+qxnr+sIo3J9oVc9J9a5HqvVq/5xu9isvpnT8j58K8Q7Pz/xfzoq/2Ogu387/28yje20MOwdELBhxfvmFrISj/f1xfiWivhdFfGtFfFtFfHtFXEYZ797+afp9dry7/z4m37Q82HlPNvdOf3EgPWJ5yMHLT/e9zuo2y0/3k8MG9kfTj57+mvPP3d16f7/2uL237rl/2be3vfnfM382bqSN/dyvjCeV1++9/+ZFeXUe+S7J9Tn7i75W493r8xX2738OqljP3NLPaZXPm9nr3z7VuZrhnxb83RXqG88PtkWnleOP8p+tbxfk2F9G2E9pkI9yn5lV05jPWA1yvbY6/7/sn1Op0bthTNnTz+W58t2+qeJxpbF5QfXud7A7eu3/c90Wtn+Z0d7eaPeuV/Yuby81rlfaIblcz2WH8rz5XvuuxNbW8tnTn3/7PN3euVhzJ1/5dXvnTx79vQPPfDAAw/aD4a9ZwLW2uzLL/1g9vwrrz565qWTL55+8fS5Q4cPH5qbO/z1Q/OzreP62c6je2AzWf7SH3ZNAAAAAAAAAAAAgH796Pixq39596sfLLX/X27/V9r/lzt/S/v/n4T2/7GdfGkHX9oB7uoSb+UJHaxOhXyNPH0y1Hd3KGdPeN6nctoexy+3/y/FxX5dS33uDctj/70lX+hO4Jb+UqZCHyRxvMDP5vRSTn+VYIhqW7svzmlV/9ZlWy/9U+iXYjSV/1vZGko/JqX9d69+ncr+f9c61JE7bz2aEw57HYHu/qn/b5NpbKeFBaN4ABvDsMf/LOc9S3ruj9++a3Eq2a4/sXJ/Gfsvhdux0cefVP7mGv+zPf5d3/u/MGJec3Xl/ufn1z7oKDbt7bf8uP6lH+jdg5X/cS6/rM3Dqb/yF34Zyo8XhPr031D+tj7Lv2X9962u/P/l8svb9siD/Za/VONafWU94nnjcv0vnjcuboT1L317Drz+qxyo8WYuH8bZqIwzO6hRGf+3l3gfxlfyfNkRlvsc4ngng9a/3F9Rvgf2hNevVXy/bfbxfy+uY12G4Rs5rfo8lPF/y/bY7DJf75hvdHlvN+u+BkbVh67/mUxjOy0sLKztCa0KQy2cob//w/6dMOzyh/3+V4nj/8Zj+Dj+b4zH8X9jPI7/G+NxfL0Yj+P/xvczjv8b4/eG143jA09XxD9dEd9bEb+vIr6vIv6ZiviBivj9FfEHKuL3VMQfrIh/riL++Yr4QxXxRyriX6iIb3alPcq4rj+Ms9g+z+cfxke5/tPr87+7Ig6Mrp+9ffDJ5377neZS+/+p9vmQch3vaJ7fn387/zjPx+veqWN+MfZunv9biG/08x0wTmL/GfH7/eGKODC6yn1ePt8whmrde+zpt9+qXsf5jJYv5vRLOf1yTh/N6UxOZ3N6MKdz61Q/1saTv/n9kddry7/3d4Z4v/eTx/ZAsZ+oQ33WJ54fGPR+9tiP36But/xVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmnrr7/z8dC2ly++8eezZE2dmF5c83s7RbP2d7JhrtJ+X0mM5ncjpL/KDGx+9dqozvZnTWppLtVRrL09PX2+XtD2ldCHtT1dSM+29fPWN9+aeOnHx+KUD77915NravQMAAACw+f0/AAD//8MLDok=") syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000080)={{0x4, 0x6, 0x8, 0xa, 'syz0\x00', 0x75f}, 0x1, [0x0, 0x5, 0x7, 0x8000, 0x9, 0x8, 0x7fb, 0xfe, 0x5, 0x47f1, 0x2, 0x8, 0x5, 0x7, 0x1, 0x8, 0x0, 0x8000000000000001, 0x81, 0x1, 0x8000000000000000, 0xfff, 0x8, 0x1, 0xbddb, 0xb74, 0xe, 0x14, 0x567, 0x9, 0x0, 0x5, 0xcc, 0x81, 0xea, 0x80000000, 0x8687, 0x0, 0x3, 0x2e, 0x1, 0xab91, 0x2d5, 0xacc5f34, 0x8e, 0x6, 0x800, 0x0, 0x5, 0x2, 0x5, 0x3, 0x3, 0x100000000, 0x9a, 0x9, 0x0, 0x8, 0x2, 0x7, 0x1, 0x8, 0xfffffffffffffff2, 0x5, 0x1, 0x0, 0x7fffffff, 0xc, 0x7, 0xb, 0xfffffffffffffffd, 0x2, 0xcb5c, 0x2, 0x2, 0x8, 0x1, 0x80, 0xb1, 0x5, 0x26, 0x3, 0x8, 0x9, 0x1, 0xffffffffffffffff, 0x8, 0xffffffff, 0x9, 0x1, 0x2, 0xa9, 0x1, 0xffffffffffffffff, 0x9, 0x5, 0x4, 0x0, 0x8, 0x12b, 0x10001, 0x1, 0x6, 0x9, 0x9, 0x9, 0x80000000, 0x2, 0x3, 0xfffffffffffffffb, 0x271a, 0x0, 0x5, 0xff, 0x7, 0x4000000000000008, 0xa, 0x33, 0x2, 0x1bde, 0xfff, 0x3, 0x38000000000, 0xfffffffffffffe2d, 0x1, 0x5, 0x66fd]}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x9003000000000000, 0x40, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.502818868s ago: executing program 6 (id=798): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xac3, &(0x7f0000002a80)="$eJzs3V2MVFcBAOAzuzsLC1SWCnal2ILVtv50KcuKP0ShgZhISmN8adL4QiitRMTEmqhNE4En32zTYOKTP/GpL001JvbFkD750sSSNCZ9qj74IMG0iQ8VhWmYOWf2zmGGOzMsc3eY70vOnjn3nDvn3Nk7d+7fuScAE2uq+Xd5eaEWwvnXXz78rwf/OXd9yoF2ifnm35lCqh5CqMX0TPZ+70634qvvxxnDC8db6VZcC0vNvykdnrjcnndjCOFM2BkuhPmw/fzFl95cevzo2SPndr31yv5Lt2PZAQBg0nzzwv7lbX//671brrx638Gwrj097Z/HnfiwKe73H4w7/mn/fyp0pmuFUDSblZuJYWqus9x0l3LFeupZuZke9c9m9dd7lFsXbl7/dGFat+WGcZbW4/lQm1rsSE9NLS62jslD87h+trZ4+uSpZ56rqKHAqvvP/SGEnYVw6Fxneq2FA2ugDUOGxhpow1iGg6Or60qjpfJlHlFobK56CwTQks47tK8P5s7kZxZuTfvdZvqr//JjU93nh1Uw6vV/oPpnK64/qP93Z21xWD136tqUlit9jzbFdH4dIb9/qff3L7/S0Tk1vx5R77Odva4jjMv1hV7tnB5xO4bVq/35enGn+mqM0+fwtY7c+zu+P/n/dFz+x0B3H+Tn/wVBWNshdKTrt/JejR736wDk98010vXRKL+vL89fV5K/viR/riR/Q0n+xpJ8mGR/+OHPw4u1lfNd+TH9oOfD03m2u2L8kQHbk++HDFp/ft/voG61/vx+YljL/nTsyRNfevqpi637/2vt9f9aXN/T4cZ8/G5diAXS+cL8vHr7WGK+s56pHuXuztpzV5fyzddbO8vVtq68TyhsZ25ox0LnfJt7ldvRWW4+KzcXw/qsvfn+yYZsvrT/kbar6fOayZa3ni3HbNaOtF3ZEuO8HTCMtD72uv8/rZ8LoV575uSpE4/GdFpP/zJdX3d9+p4Rtxu4df32/1kInf1/NrWn16eK24XNK9Nrre3Ca/H9OqcvtespTC/8qKXfue9MzzXLLx7//qmnV3nZYdI995Pnv3vs1KkTP/DiJi/SXn73Ml9fAy0c8EVaoLXSHi8GfbHzdldR4UYJGIndP23tBDxy8nvHnj3x7InTe/ft27u0tO/Le5d3N/frdxf37ovOVNBaYDWt/OhX3RIAAAAAAAAAAACgXz86cvji22988Z1W//+V/n+p/3+68zf1//9Z1v8/7yef+sGnfoBbuuQ3y2QPWJ3NytVj+GjW3q1ZPduy+T4W4/Y4frH/f6ouf65ras892fR6j2T2OIEbnpcymz2DJB8v8JMxPhfj3waoUG2u++QY3+T51rUPCut6ej5FoQtvw/OBx0f6vzXXhsIjjVL/767PderSX5vxMooei1UvI9Ddvyfq+d/vrSx45W0ReoeZ0db3y8ldJxo999L7HcEGYHVUPf5nOu+Z4tN//sb66yEVu/xY5/Yyf34pDOJvb3em1/r4k7e7/nzcvlHXX/Xyj3r8z/b4d31v/7IR8+aHq/e/v7r0TqHasL3f+vPlT8+B3jpY/Vdi/WlpHgr91d/4TVZ/fkGoT//L6t/QZ/03LP+O4er/f6w/fWwPP9Bv/a0W16Y62zGXLUe6/pefN06uZsufnu15k/q/9Xy35R9yoMZrsX6YZOMyzuygsv2I9k778OP/RmdWd/zfdmOzzVp+H8YXYjptiNN9Dvl4J4O2P91fkX4HtmXvXyv5fTP+73j7SozLvg9p/N+0Ps7Hn/xCuvlZpnS9y2d7p25rYFy9O9T1v/cqv26xtsOl1mHQcPOvr779wgChMT3EfO1x4ipuf6PRqHToX+MOV6vqz7/q44Sq66/68y+Tj/+b78Pn4//m+fn4v3l+Pv5vnj8X/0O98vPxf/PPMx//N8+/J3vffHzghZL8j5fkb++e3z5sv7dk/h0l+Z8oyd/Vzj/QUSLl33fT+VfK9Xr/u0vyHyjJ/1RJ/qdL8h8syX+4kF8cAzrlf6Zk/jtd6o8yqcsPkyzvn+f7D5MjXf/p9f3fWpIPjK9fvLrn0FO///Z8q///bPt8SLqOdzCm6/H46ccxnV/3DoX09bw3YvofWf5aP98BkyR/fkb++/5QST4wvtJ9Xr7fMIFq67tPjnHZc6t67eczXj4b48/F+PMxfiTGizHeHeM9MV4aUfu4PQ699sf9L9ZWjvc3Z/n93k+e9wfqeE5UCGFvn+3Jzw8Mej97/hy/Qd1q/UN2BwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjMVPPv8vJCLYTzr798+MmjJ3dfn3KgXWK++XemkKq35wvh0RhPx/jX8cXV9184XoyvxbgWlkIt1NrTwxOX2zVtDCGcCTvDhTAftp+/+NKbS48fPXvk3K63Xtl/6fZ9AgAAAHDn+zAAAP//LlQL6Q==") r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x90000) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x1000, 0x2, 0xbfdffffc}, 0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x4d}, 0x1}) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0) write$P9_RSYMLINK(r1, &(0x7f0000000100)={0x14, 0x11, 0x2, {0x2, 0x0, 0x6}}, 0xffffff30) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, 0x0, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NFC_CMD_ENABLE_SE(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x71eff8d2059dfe60}, 0xc004) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000040)=""/27, 0x1b, 0x0, 0x1, 0x1}}, 0x48) write$vhost_msg_v2(r0, 0x0, 0x0) write$vhost_msg_v2(r0, 0x0, 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) 2.214699825s ago: executing program 0 (id=800): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=@nat={'nat\x00', 0x1b, 0x5, 0x448, 0x0, 0x1b0, 0xffffffff, 0x1b0, 0x0, 0x4c8, 0x4c8, 0xffffffff, 0x4c8, 0x4c8, 0x5, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x14, @ipv6=@mcast1, @ipv6=@private0, @icmp_id=0x67, @port=0x4e24}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x4b93, 0x3}}}, {{@ipv6={@empty, @mcast1, [0xffffffff, 0x0, 0xffffffff, 0xffffffff], [0xff000000, 0xffffff00, 0x0, 0xffffffff], 'caif0\x00', 'nr0\x00', {}, {0xff}, 0x3c, 0x6, 0xc94eeff961d53c99, 0x10}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x9, 0x7fa2}}}, {{@ipv6={@private0, @empty, [0xff000000, 0x0, 0xffffff00, 0xffffff00], [0xffffffff, 0xff, 0x0, 0xff000000], 'bridge0\x00', 'bridge_slave_1\x00', {0xff}, {0xff}, 0x33, 0x5, 0x1}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0xbc, 0x1, {0x401}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a8) 2.164371791s ago: executing program 3 (id=801): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x8000) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000680001000000000000000000020000000400000006000700040000000c000880050005000000000008000600f200000008000500", @ANYRES32=r2], 0x3c}}, 0x0) 1.996359853s ago: executing program 0 (id=803): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0xf6d0e000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x2) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 1.996177913s ago: executing program 3 (id=804): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x1, 0x2, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x4, 0x8}) 1.824577105s ago: executing program 3 (id=805): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000010}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000a80)='./file0\x00', 0x2800810, &(0x7f0000000640)=ANY=[@ANYBLOB="646f74732c747a3d5554432c646f74732c646f74732c6e6f646f74732c666c7573682c646f74732c6e6f646f74732c71756965742c00b3d27234e95eb4b44190021bbbe89ab824d38c571641668d362b4dff6e47bdf1638c7462a3bd66a53b404ae08c32af6843a2469c7210381b9d48047c77540b6447a8e50c44cb44f91e4264a37e0209c3a234f4803ba56b7a24536ee396f4838f4143b92ad909efb23eb22dce6477c2bb5b8f793b9e07c2120d566cf1f6ba51e4d01e8ef223a2ba72cfb3127844c045765149fb1219f433feb977426596e07082254e9930296256df143ff90177d8c28c533724fbd9fdad260e7d875d0f17374141abc60c8e3c07e4a7bc381791172c217f00964aaf6e213a252b9689ae38342862d27437921e13229d407e1a6037e3f16a2cdab8f9c76a66a72ccc67015c9435e200f9fbb9d78ce426b37310b9f127e7b1207c74eff7b853de7043a001de85931463c7fc7c78be9eb9b5f88c0067aabb3a5d1f94bcc90537c1c1ce509450160c"], 0x3, 0x185, &(0x7f00000003c0)="$eJzs27GKE1EUBuAzJrvuKsjWYjFgYxXUylKRFcQBRUmxVgqrza4smGa0Cj6JrZVPJkiqFMKVZGKMITERHSea72tyMj8XzgmZXG5gnl15dXJ81nt59mgQe1kW7duRxzCLgzgXraj0AwD4nwxTis+7kzfvI6XUcEMAQO3G+39KKZ3vx779HwC2wsr9/9ZPFu/U3BwAUIvfOP9fqrUxAKA2T46ePrhTFIeP83wv4lO/7Jbd6rXK790vDq/nYwffVw3Kstua5jeqPP8x34kLk/zmwnw3rl2t8lF292Exl1+M4/rHBwAAgK3QyacWnu87nWV5Vc38PzB3fm/H5fZfGwMA+AW9N29Pnp+evnit+HeLtBltNFV8SSnNXBl9rddZ/u5DdQtsyBR/tsjW/BCWFw3/MAG16338dtM33QkAAAAAAAAAAAAAALDM6ueBjvYj1n5mKIuYvdJqejwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY6GsAAAD//1ZsRdQ=") r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x800448d2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00', r2}, 0x18) 1.457340222s ago: executing program 1 (id=806): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpriority(0x1, 0x18) r3 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000"], 0x48) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 1.372299293s ago: executing program 3 (id=807): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)={r2, 0xf, 0x5}, 0x8) 1.183740868s ago: executing program 6 (id=808): creat(&(0x7f00000000c0)='./file0\x00', 0x2) mount$9p_virtio(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x800000, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=virtio,cache=readahead,access=', @ANYBLOB="c5"]) 1.153489081s ago: executing program 5 (id=809): r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r4 = dup(r3) chdir(0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000040)='./file0\x00', r4}, 0x18) 936.335889ms ago: executing program 5 (id=810): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000500)={[{@i_version}, {@usrquota}, {@bh}]}, 0x1, 0x523, &(0x7f0000000c00)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AgiNfbGsrzrtbzrUptIuGeuSFTiBEf+AM49ceeC4MalHJD4YYFqJA5TzezY2di79qaJvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiIdyNipjyelFu81d3y8z7ZfbC4t/tgMYkse+dfSVGeH4uen8ldK19zKiJ+8J2InyRH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5427r9ceozVTx5a+1JwoU1/++I873/hZXq3p8khvO56mbtMrB3FylyPie6cRbAQule2ZGHVF+EzSiHg+Il4urv+ZuFT8NgGAiyzLZiKb6c0DABddWsyBJWm1nAuYjjStVrtzeC/E1bTRandu3W9tri1158quRyW9v9Ko3ynnCq9HJcnzc0X6Yb52KH83Ip6LiF9OXiny1cVWY2mUNz4AMMauHRr//zvZHf8BgAvu+I/NAAAXkfEfAMaP8R8Axo/xHwDGT3f8v/K4P5Zl2c9PozoAwBnw/A8A48f4DwBj5ftvv51v2V75/ddL721trrbeu71Ub69Wm5uL1cXWxnp1udVaLr6zp3nS6zVarfW512Lz/evfXG93Zttb2/earc21zr3ie73v1SvFWTtn0DIAYJDnXvroL0k+Ir95pdiiZy2HykhrBpy2dNQVAEbm0qgrAIyM1b5gfD18xn/sDwGYHoALos8SvY+Y6vcHQlmWZadXJeCU3fyC+X8YVz3z/z4FDGPmpPn/Ym1gbxLChWT+H8ZXliXDrvkfw54IAJxvx8zxXz/L+xBgdAa8//98uf9d+ebAj5YOn/HhadYKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzrf99X+r5TK/05Gm1WrEM8UCQJXk/kqjficino2IP09WJvP83IjrDAA8qfTvSbn+182ZV6cfKXrx2kFyIiJ++ut3fvX+Qqez8aeIieTfk/vHOx+Wx2snBps6jRYAAMfbH6eLfc+D/Ce7Dxb3t7Oszz++3b0ryOPu7U7E3kH8y3G52E9FJSKu/icp811Jz9zFk9j5ICI+36/9SUwXcyDdW5bD8fPYz5xp/PSR+Gm5QHNa/lt87inUBcbNR3n/81a/6y+NG8W+//U/VfRQT67s//KXWtwr+sCH8ff7v0sD+r8bw8Z47Q/f7aauHC37IOKLlyP2Y+/19D/78ZMB8V8dMv5fv/Tiy4PKst9E3Iz+8XtjzXaa67Ptre3bK82F5fpyfa1Wm5+bv/PG3ddrs8Uc9ezg0eCfb956dlBZ3v6rA+JPndD+rw7Z/t/+/90ffuWY+F9/pV/8NF44Jn4+Jn5tyPgLV38/8Lk7j790tP3JML//W0PG//hv20eWDQcARqe9tb260GjUNyTGNPHjOBfVGC6R/5c9B9Xom/jWWcWaiP5Fv3ile00fKsqyzxRrUI/xNGbdgPPg4KKPiP+NujIAAAAAAAAAAAAAAEBfZ/EXS6NuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfXpwEAAP//+E3TQw==") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) r2 = creat(&(0x7f0000000040)='./bus\x00', 0xa8) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080)=0x20) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x2, 0xfffefffffdffffff}) 936.097609ms ago: executing program 6 (id=811): mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, &(0x7f0000000040)={[{@noswap}]}) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x800, 0x30) symlinkat(&(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00') 817.963645ms ago: executing program 6 (id=812): getpid() open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x4, 0xfffb}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x80) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r2, {0xc, 0x8}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) 587.919094ms ago: executing program 5 (id=813): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000390428007000fddbdf2500000000", @ANYRES32=r2, @ANYBLOB="00000000000000002800128008000100677265001c0002800800140002000000060010004e22000006000f00"], 0x48}}, 0x0) 323.648689ms ago: executing program 5 (id=814): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) pipe(&(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x80, 0x4) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) 322.647418ms ago: executing program 6 (id=815): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000002c0)={0x100042, 0xf7, 0x1}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r2, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0xfffd}}, 0x10, 0x0}, 0x0) 192.461015ms ago: executing program 3 (id=816): capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200006, 0x801, 0x4, 0x7, 0xb0}) r0 = socket$netlink(0x10, 0x3, 0xb) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000580)=0x16, 0x4) 177.103588ms ago: executing program 5 (id=817): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="a650481648", 0x5}], 0x1}, 0x49cf75490797e69f) ioctl$SIOCSIFHWADDR(r0, 0x8905, 0x0) 170.279838ms ago: executing program 6 (id=818): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000400000008"], 0x48) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a00)={{r4}, &(0x7f0000000980), &(0x7f00000009c0)=r0}, 0x20) 43.301045ms ago: executing program 3 (id=819): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800718, &(0x7f00000003c0)={[{@delalloc}, {@journal_dev={'journal_dev', 0x3d, 0x40000ff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x60}}, {@nobh}, {@resgid={'resgid', 0x3d, 0xee00}}, {@resuid}, {@nombcache}, {@noblock_validity}, {@usrquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x4}}]}, 0x2, 0x497, &(0x7f00000010c0)="$eJzs281rHOUfAPDvTN76nvz6qy+tVaNFCIpJk1btwYuiIFJR0EM9xs22hG4baSLYF2wU8SRIQc/iUfQvEC8iiHoSPAmePEmhaC5tPUVmdqZNtrtp02yytfv5wGafZ+bZmee7M8/MM8+zCaBrDWd/kohtEfF7RAzWs8sLDNffriycq1xdOFdJYnHx9b+SvNzlhXOVsmj5ua1FZiSNSD9Mip0sN3v6zPHJWq16qsiPzZ0YKJKTx6rHqicnDh06eGD8macnnmpLnFlcl/e8N7N390tvXnilcuTCWz99ndV3W7F+aRyr9NtYixXDWeB/L+Ya1z12mzu7U21fkk56O1gRVqUnIrLD1Ze3/8HoiesHbzBe/KCjlQPWVXZvGmi9en4RuIsl0ekaAJ1R3ui3LPRUsmfgG5+DB9ez+9Fxl56rPwBlcV8pXvU1vZEWZfoanm/baTgijsz/83n2irWNQwAA3JKPK58d7o+Is1e/ejnre1zv7aW99+bvf+R/dxQ9waGI+F9E7IyI/0fEroi4JyKysvdFxP1rrM+N/Z/04ho3uaKs//dsMbe1vP9X9v5iqKfIbc/j70uOTteq+4vvZCT6BrL8+Ar7+O6FXz9ptW5p/y97Zfsv+4JFPS72NgzQTU3OTead0ja49H7Ent5m8SfXZgKSiNgdEXtWt+kdZWL68S/3tip08/hX0IZ5psUvsvDms/jnoyH+UlKfn3x7bPb0mSenTzTOT45tilp1/1h5Vtzo518+eq3V/uvxbypyzePfvPYwW7pUrb8vOf6NRYaSpfO1s+3d/22e/2l/8kY+z9xfLHt3cm7u1HhEf3I4zy9bPnH9s2W+LJ+d/yP7mrf/ncVnsvgfiIjsJH4wIh6KiIeLuj8SEY9GxL4VYvzx+ZvHH+ltnP9tkMU/1fT6d+38bzj+q0/0HP/hm1b7v7XjfzBPjRRL8utfg6Qh36w6vREDjRVc6/cHAAAA/wVp/hv4JB29lk7T0dH6b/h3xZa0NjM798TRmXdOTtV/Kz8UfWk50jVYjIfWpmvV8WS+2GJ9fHSiGCsux0sPFOPGn/ZszvOjlZnaVIdjh263tUX7z/zZ0+naAets+fRSOQE80d+RygAbrHEePV2ePf9quBjA3cr/a0P3ukn7TzeqHsDGc/+H7tWs/Z9vyJsLgLuT+z90L+0fulT6fdPF3254RYBOcP+HrrSW/+tfx8SmO6ManUls9EGJVRWOMpF2/IuSKBJni9bczi13+MIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQJv8GAAD//2Uu29Y=") 0s ago: executing program 5 (id=820): r0 = socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$cgroup(0x0, &(0x7f0000000600)='.\x00', &(0x7f0000000640), 0x2208010, 0x0) lseek(0xffffffffffffffff, 0x10000000005, 0x1) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x0) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0) write$sequencer(r5, 0x0, 0x10) kernel console output (not intermixed with test programs): 50107][ T4187] team0: Port device team_slave_1 added [ 60.956364][ T4193] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.964236][ T4193] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.972057][ T4193] device bridge_slave_0 entered promiscuous mode [ 60.983048][ T4199] team0: Port device team_slave_0 added [ 60.991395][ T4185] team0: Port device team_slave_0 added [ 61.022657][ T4193] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.029761][ T4193] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.038244][ T4193] device bridge_slave_1 entered promiscuous mode [ 61.046764][ T4199] team0: Port device team_slave_1 added [ 61.060448][ T4185] team0: Port device team_slave_1 added [ 61.114361][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.121353][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.147491][ T4187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.171680][ T4199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.179066][ T4199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.206162][ T4199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.218156][ T4185] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.225411][ T4185] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.252392][ T4185] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.269209][ T4193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.281000][ T4193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.291099][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.298356][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.324871][ T4187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.336934][ T4199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.344179][ T4199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.370175][ T4199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.381896][ T4185] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.388981][ T4185] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.415160][ T4185] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.481801][ T4193] team0: Port device team_slave_0 added [ 61.523521][ T4193] team0: Port device team_slave_1 added [ 61.533570][ T4187] device hsr_slave_0 entered promiscuous mode [ 61.540289][ T4187] device hsr_slave_1 entered promiscuous mode [ 61.546997][ T4187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.555105][ T4187] Cannot create hsr debugfs directory [ 61.570170][ T4185] device hsr_slave_0 entered promiscuous mode [ 61.577180][ T4185] device hsr_slave_1 entered promiscuous mode [ 61.584303][ T4185] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.591890][ T4185] Cannot create hsr debugfs directory [ 61.618403][ T4199] device hsr_slave_0 entered promiscuous mode [ 61.633056][ T4199] device hsr_slave_1 entered promiscuous mode [ 61.639859][ T4199] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.647880][ T4199] Cannot create hsr debugfs directory [ 61.665949][ T4193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.673132][ T4193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.699593][ T4193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.737274][ T4193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.745334][ T4193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.771700][ T4193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.801924][ T1109] Bluetooth: hci3: command 0x0409 tx timeout [ 61.816819][ T1109] Bluetooth: hci2: command 0x0409 tx timeout [ 61.823159][ T1109] Bluetooth: hci4: command 0x0409 tx timeout [ 61.829250][ T1109] Bluetooth: hci1: command 0x0409 tx timeout [ 61.835848][ T1109] Bluetooth: hci0: command 0x0409 tx timeout [ 61.885852][ T4193] device hsr_slave_0 entered promiscuous mode [ 61.892811][ T4193] device hsr_slave_1 entered promiscuous mode [ 61.899926][ T4193] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.907774][ T4193] Cannot create hsr debugfs directory [ 62.079369][ T4186] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.089935][ T4186] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.116424][ T4186] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.129435][ T4186] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.192017][ T4185] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.224566][ T4185] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.246279][ T4187] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.256516][ T4185] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.266829][ T4185] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.277669][ T4187] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.289818][ T4187] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.309805][ T4187] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.405334][ T4199] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.418644][ T4199] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.438626][ T4199] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.450944][ T4199] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.469210][ T4186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.524397][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.535822][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.557537][ T4187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.578938][ T4186] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.589913][ T4193] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.603013][ T4193] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.617710][ T4187] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.649782][ T4193] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.659218][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.668478][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.677518][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.686901][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.696771][ T3076] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.704059][ T3076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.714540][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.724608][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.734404][ T3076] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.741491][ T3076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.749359][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.760890][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.769879][ T3076] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.777003][ T3076] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.798378][ T4193] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.810979][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.824489][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.834104][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.845484][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.856015][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.864878][ T3076] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.871950][ T3076] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.893037][ T4199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.920475][ T4185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.935413][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.946712][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.957514][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.967405][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.976812][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.986110][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.994882][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.003786][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.025375][ T4199] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.034321][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.046300][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.055970][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.065675][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.077774][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.086595][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.094627][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.102560][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.110325][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.136746][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.146349][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.157534][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.166725][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.177079][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.184196][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.192839][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.201648][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.211459][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.222271][ T4185] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.239178][ T4187] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.254570][ T4187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.283569][ T4186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.297871][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.310595][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.320048][ T3076] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.327177][ T3076] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.335897][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.344912][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.353401][ T3076] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.360532][ T3076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.369074][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.377855][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.387518][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.396467][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.407038][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.417976][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.426882][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.435582][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.449257][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.458845][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.468050][ T3076] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.475194][ T3076] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.533019][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.545526][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.557436][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.567484][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.583087][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.602757][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.619713][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.631234][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.642687][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.651269][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.660974][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.671102][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.680737][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.690313][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.699399][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.708497][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.719869][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.729056][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.746316][ T4193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.761386][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.771077][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.792628][ T4185] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.807236][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.827367][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.852198][ T4199] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.873111][ T4255] Bluetooth: hci0: command 0x041b tx timeout [ 63.878552][ T4193] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.879738][ T4255] Bluetooth: hci1: command 0x041b tx timeout [ 63.912830][ T4255] Bluetooth: hci4: command 0x041b tx timeout [ 63.913952][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.947146][ T4255] Bluetooth: hci2: command 0x041b tx timeout [ 63.953630][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.954098][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.954350][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.987220][ T4255] Bluetooth: hci3: command 0x041b tx timeout [ 63.990856][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.012937][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.033453][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.048616][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.055767][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.074271][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.110472][ T4187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.124999][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.139658][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.150106][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.168447][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.194310][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.205376][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.215882][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.239724][ T4186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.257032][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.297727][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.307741][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.318372][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.327165][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.336412][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.345026][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.352903][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.360392][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.374942][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.383938][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.394355][ T4185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.405755][ T4199] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.427257][ T4193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.447572][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.459645][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.473905][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.488160][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.550254][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.565348][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.578170][ T4187] device veth0_vlan entered promiscuous mode [ 64.610030][ T4186] device veth0_vlan entered promiscuous mode [ 64.623431][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.637537][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.646406][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 64.660871][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 64.671110][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.688198][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.698307][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.706479][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.733738][ T4186] device veth1_vlan entered promiscuous mode [ 64.757649][ T4187] device veth1_vlan entered promiscuous mode [ 64.788070][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.805420][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 64.817164][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.828881][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 64.845571][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 64.858253][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 64.868980][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 64.899574][ T4199] device veth0_vlan entered promiscuous mode [ 64.935572][ T4186] device veth0_macvtap entered promiscuous mode [ 64.949034][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 64.957706][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 64.966957][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 64.976077][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.983921][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.991362][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.003544][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.012300][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.021135][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.030321][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.049568][ T4199] device veth1_vlan entered promiscuous mode [ 65.062157][ T4186] device veth1_macvtap entered promiscuous mode [ 65.070323][ T4187] device veth0_macvtap entered promiscuous mode [ 65.081831][ T4193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.100541][ T4185] device veth0_vlan entered promiscuous mode [ 65.107930][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.118142][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.127905][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.137106][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.146052][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.156258][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.168028][ T4187] device veth1_macvtap entered promiscuous mode [ 65.190923][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.199366][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.208387][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.228693][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.240693][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.254048][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.268153][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.289229][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.298324][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.307854][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.326114][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.338763][ T4185] device veth1_vlan entered promiscuous mode [ 65.350860][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.361937][ T4186] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.371634][ T4186] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.380869][ T4186] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.389766][ T4186] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.426315][ T4199] device veth0_macvtap entered promiscuous mode [ 65.434218][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.446910][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.456222][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.466444][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.475476][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.484249][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.494416][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.505183][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.517032][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.531686][ T4193] device veth0_vlan entered promiscuous mode [ 65.541277][ T4199] device veth1_macvtap entered promiscuous mode [ 65.550450][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.561463][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.569744][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 65.579678][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.597703][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.606410][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.619031][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.627619][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.639694][ T4187] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.648725][ T4187] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.657753][ T4187] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.666994][ T4187] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.715330][ T4193] device veth1_vlan entered promiscuous mode [ 65.740299][ T4185] device veth0_macvtap entered promiscuous mode [ 65.755055][ T4185] device veth1_macvtap entered promiscuous mode [ 65.808927][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.825221][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.836287][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.849645][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.861887][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.870341][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 65.880763][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 65.889533][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 65.900406][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.910361][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 65.918888][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 65.928180][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.937283][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 65.965237][ T7] Bluetooth: hci4: command 0x040f tx timeout [ 65.979748][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.993573][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.002906][ T7] Bluetooth: hci1: command 0x040f tx timeout [ 66.005583][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.009670][ T7] Bluetooth: hci0: command 0x040f tx timeout [ 66.020531][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.038132][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.043462][ T4255] Bluetooth: hci3: command 0x040f tx timeout [ 66.057088][ T4255] Bluetooth: hci2: command 0x040f tx timeout [ 66.058515][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.076739][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.088535][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.097531][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.107695][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.117264][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.134260][ T4193] device veth0_macvtap entered promiscuous mode [ 66.153692][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.173454][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.184219][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.196811][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.208477][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.216481][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.227337][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.238117][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.248618][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.258746][ T4199] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.270990][ T4199] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.284390][ T4199] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.294017][ T1275] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.302043][ T1275] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.315274][ T4199] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.329022][ T4199] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.338123][ T4199] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.347148][ T4199] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.367625][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.376816][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.385652][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.395294][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.404296][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.414330][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.426353][ T4185] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.437013][ T4185] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.445862][ T4185] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.455315][ T4185] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.468165][ T4193] device veth1_macvtap entered promiscuous mode [ 66.529152][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.540607][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.550851][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.562231][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.572119][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.582679][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.595049][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.605561][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.617332][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.627187][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.636744][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.661091][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.669952][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.681787][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.694328][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.707862][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.718068][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.728667][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.738789][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.749656][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.761603][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.772206][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.783920][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.799682][ T4273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.816672][ T4273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.822460][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.839740][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.850964][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 66.868109][ T4193] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.880335][ T4193] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.893089][ T4193] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.903040][ T4193] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.994020][ T4273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.011063][ T4273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.039580][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.081648][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.093788][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.131444][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.196537][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.228305][ T1275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.233558][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.278535][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.290970][ T1275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.338622][ T4273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.347377][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.360232][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.392495][ T4273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.413140][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.441222][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.470984][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.502801][ T1275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.511286][ T1275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.615013][ T1173] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.628057][ T4308] loop1: detected capacity change from 0 to 512 [ 67.684748][ T4308] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 67.741990][ T4308] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 67.801860][ T4308] EXT4-fs (loop1): orphan cleanup on readonly fs [ 67.832467][ T4308] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.7: bg 0: block 248: padding at end of block bitmap is not set [ 67.880277][ T4316] loop0: detected capacity change from 0 to 512 [ 67.897959][ T4320] loop4: detected capacity change from 0 to 512 [ 67.914807][ T4308] Quota error (device loop1): write_blk: dquota write failed [ 67.928611][ T4308] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 67.940890][ T4308] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.7: Failed to acquire dquot type 1 [ 67.965658][ T4308] EXT4-fs (loop1): 1 truncate cleaned up [ 67.975669][ T4308] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,nolazytime,noblock_validity,grpjquota=,bsdgroups,jqfmt=vfsold,auto_da_alloc,nogrpid,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 68.007517][ T4320] EXT4-fs (loop4): Ignoring removed bh option [ 68.033675][ T1109] Bluetooth: hci1: command 0x0419 tx timeout [ 68.039213][ T4308] EXT4-fs (loop1): shut down requested (0) [ 68.058141][ T1109] Bluetooth: hci4: command 0x0419 tx timeout [ 68.101377][ T4316] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 68.124493][ T4308] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 68.127703][ T1109] Bluetooth: hci2: command 0x0419 tx timeout [ 68.145548][ T4320] EXT4-fs (loop4): mounted filesystem without journal. Opts: nouid32,nogrpid,bh,,errors=continue. Quota mode: writeback. [ 68.150378][ T1109] Bluetooth: hci3: command 0x0419 tx timeout [ 68.164479][ T1109] Bluetooth: hci0: command 0x0419 tx timeout [ 68.202867][ T4320] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 68.213317][ T4316] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 68.255219][ T4316] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.8: Corrupt directory, running e2fsck is recommended [ 68.283543][ T4308] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 68.337424][ T4308] ext4 filesystem being remounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.408838][ T4316] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 68.418900][ T4332] loop3: detected capacity change from 0 to 128 [ 68.431100][ T4316] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2229: inode #15: comm syz.0.8: corrupted in-inode xattr [ 68.471895][ T4316] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.8: couldn't read orphan inode 15 (err -117) [ 68.492304][ T4308] syz.1.7 (4308) used greatest stack depth: 21048 bytes left [ 68.493251][ T4316] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,auto_da_alloc=0x0000000000000004,jqfmt=vfsold,nolazytime,grpjquota=.journal_async_commit,resuid=0x0000000000000000,barrier=0x0000000000001000,grpid,,,errors=continue. Quota mode: writeback. [ 68.505811][ T4332] ======================================================= [ 68.505811][ T4332] WARNING: The mand mount option has been deprecated and [ 68.505811][ T4332] and is ignored by this kernel. Remove the mand [ 68.505811][ T4332] option from the mount to silence this warning. [ 68.505811][ T4332] ======================================================= [ 68.609942][ T4316] capability: warning: `syz.0.8' uses 32-bit capabilities (legacy support in use) [ 69.132577][ T4348] delete_channel: no stack [ 69.160108][ T4348] loop0: detected capacity change from 0 to 22 [ 69.382896][ T4348] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 69.419999][ T4355] loop2: detected capacity change from 0 to 512 [ 69.441221][ T4348] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 69.624235][ T4355] EXT4-fs error (device loop2): ext4_orphan_get:1427: comm syz.2.17: bad orphan inode 11862016 [ 69.732829][ T4355] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 69.783059][ T4355] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.341769][ T4369] netlink: 'syz.2.21': attribute type 12 has an invalid length. [ 70.362181][ T4369] netlink: 'syz.2.21': attribute type 29 has an invalid length. [ 70.370136][ T4369] netlink: 148 bytes leftover after parsing attributes in process `syz.2.21'. [ 70.390430][ T4371] loop1: detected capacity change from 0 to 512 [ 70.449991][ T4371] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,usrquota,minixdf,nombcache,. Quota mode: writeback. [ 70.490991][ T4371] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 70.663099][ T4376] device batadv_slave_0 entered promiscuous mode [ 70.704021][ T4375] device batadv_slave_0 left promiscuous mode [ 70.767235][ T4374] loop2: detected capacity change from 0 to 8192 [ 71.408673][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.415389][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.925094][ T4394] loop1: detected capacity change from 0 to 512 [ 72.011098][ T4394] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.31: inode #1: comm syz.1.31: iget: illegal inode # [ 72.036050][ T4394] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.31: error while reading EA inode 1 err=-117 [ 72.077711][ T4394] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2826: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 72.169259][ T4394] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.31: inode #1: comm syz.1.31: iget: illegal inode # [ 72.216801][ T4394] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.31: error while reading EA inode 1 err=-117 [ 72.272602][ T4394] EXT4-fs (loop1): 1 orphan inode deleted [ 72.285057][ T4394] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000003,norecovery,noinit_itable,init_itable=0x0000000000000001,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,errors=continue,dioread_lock,noblock_validity,noquota,,errors=continue. Quota mode: none. [ 72.473194][ T4402] loop2: detected capacity change from 0 to 512 [ 72.586757][ T26] audit: type=1326 audit(1768706650.466:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 72.671058][ T4402] loop2: detected capacity change from 0 to 256 [ 72.718760][ T26] audit: type=1326 audit(1768706650.496:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 72.868172][ T4402] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 72.984610][ T26] audit: type=1326 audit(1768706650.466:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 73.543959][ T4402] FAT-fs (loop2): Filesystem has been set read-only [ 73.563908][ T26] audit: type=1326 audit(1768706650.496:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 73.650439][ T26] audit: type=1326 audit(1768706650.496:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 73.702458][ T26] audit: type=1326 audit(1768706650.496:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 73.777553][ T4423] loop1: detected capacity change from 0 to 128 [ 73.805369][ T26] audit: type=1326 audit(1768706650.496:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 73.932765][ T26] audit: type=1326 audit(1768706650.496:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 73.992247][ T26] audit: type=1326 audit(1768706650.496:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 74.070496][ T26] audit: type=1326 audit(1768706650.496:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 74.122319][ T26] audit: type=1326 audit(1768706650.496:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 74.187366][ T26] audit: type=1326 audit(1768706650.496:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4400 comm="syz.2.34" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8bc5a9cb9 code=0x7ffc0000 [ 74.743614][ T4435] loop0: detected capacity change from 0 to 512 [ 74.822566][ T4435] EXT4-fs (loop0): Ignoring removed bh option [ 74.834771][ T4435] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 74.922733][ T4435] EXT4-fs (loop0): 1 truncate cleaned up [ 74.928663][ T4435] EXT4-fs (loop0): mounted filesystem without journal. Opts: data_err=abort,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none. [ 76.798688][ T4448] device bridge1 entered promiscuous mode [ 77.096209][ T4459] netlink: 8 bytes leftover after parsing attributes in process `syz.4.51'. [ 77.126287][ T4459] netlink: 4 bytes leftover after parsing attributes in process `syz.4.51'. [ 77.589900][ T4469] loop4: detected capacity change from 0 to 2048 [ 77.642496][ T4469] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 77.681595][ T4469] EXT4-fs (loop4): Ignoring removed nobh option [ 77.769715][ T4469] EXT4-fs (loop4): mounted filesystem without journal. Opts: abort,errors=remount-ro,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,minixdf,nobh,. Quota mode: none. [ 77.837450][ T4469] EXT4-fs error (device loop4): empty_inline_dir:1863: inode #12: block 5: comm syz.4.55: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=7952, size=60 fake=0 [ 78.568437][ T4469] EXT4-fs (loop4): Remounting filesystem read-only [ 78.692919][ T4469] EXT4-fs warning (device loop4): empty_inline_dir:1870: bad inline directory (dir #12) - inode 13, rec_len 7952, name_len 0inline size 60 [ 79.939483][ T4490] loop4: detected capacity change from 0 to 512 [ 80.232578][ T4490] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 80.244657][ T4490] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.315619][ T4501] delete_channel: no stack [ 81.321977][ T4501] loop0: detected capacity change from 0 to 22 [ 81.329863][ T4501] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 81.357306][ T4501] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 81.859015][ T4509] loop4: detected capacity change from 0 to 2048 [ 81.960738][ T4509] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 82.009339][ T4290] udevd[4290]: incorrect nilfs2 checksum on /dev/loop4 [ 82.162078][ C0] sched: RT throttling activated [ 82.171972][ T4510] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.474658][ T4523] device bridge1 entered promiscuous mode [ 84.933390][ T4536] netlink: 32 bytes leftover after parsing attributes in process `syz.1.73'. [ 84.995422][ T4536] tipc: Invalid UDP bearer configuration [ 84.995471][ T4536] tipc: Enabling of bearer rejected, failed to enable media [ 85.659846][ T4551] delete_channel: no stack [ 85.678093][ T4551] loop3: detected capacity change from 0 to 22 [ 85.846367][ T4551] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 85.869819][ T4551] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 86.232807][ T4553] loop2: detected capacity change from 0 to 512 [ 86.300932][ T4555] loop1: detected capacity change from 0 to 2048 [ 86.386433][ T4553] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 86.424082][ T4555] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 86.506225][ T4558] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 86.579185][ T4553] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 86.767583][ T1107] cfg80211: failed to load regulatory.db [ 88.385728][ T4578] netlink: 8 bytes leftover after parsing attributes in process `syz.3.85'. [ 89.948848][ T4601] loop3: detected capacity change from 0 to 512 [ 90.043851][ T4601] EXT4-fs (loop3): orphan cleanup on readonly fs [ 90.051343][ T4601] __quota_error: 73 callbacks suppressed [ 90.051361][ T4601] Quota error (device loop3): v2_read_file_info: Block with free entry too big (9 >= 6). [ 90.069614][ T4601] EXT4-fs warning (device loop3): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 90.084837][ T4601] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 90.095759][ T4601] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.93: bad orphan inode 14 [ 90.119997][ T4601] ext4_test_bit(bit=13, block=18) = 1 [ 90.158282][ T4601] is_bad_inode(inode)=0 [ 90.183155][ T4601] NEXT_ORPHAN(inode)=0 [ 90.187282][ T4601] max_ino=32 [ 90.190485][ T4601] i_nlink=1 [ 90.194929][ T4601] EXT4-fs (loop3): 1 truncate cleaned up [ 90.200825][ T4601] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 91.090856][ T4604] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 91.549620][ T4629] loop1: detected capacity change from 0 to 4096 [ 91.700217][ T4629] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 91.796198][ T4629] EXT4-fs (loop1): shut down requested (1) [ 93.642810][ T4652] device bridge2 entered promiscuous mode [ 94.650293][ T4668] loop1: detected capacity change from 0 to 2048 [ 94.747680][ T4668] NILFS (loop1): invalid segment: Inconsistency found [ 94.762181][ T4668] NILFS (loop1): trying rollback from an earlier position [ 94.802909][ T4668] NILFS (loop1): recovery complete [ 94.817206][ T4672] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 96.105451][ T4687] delete_channel: no stack [ 97.477615][ T4701] netlink: 256 bytes leftover after parsing attributes in process `syz.1.122'. [ 97.482018][ T4702] device bridge2 entered promiscuous mode [ 97.524123][ T4701] netlink: 68 bytes leftover after parsing attributes in process `syz.1.122'. [ 97.722590][ T4705] device syzkaller0 entered promiscuous mode [ 99.084506][ T4724] loop1: detected capacity change from 0 to 512 [ 99.247693][ T4724] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 99.298695][ T4727] loop0: detected capacity change from 0 to 2048 [ 99.390186][ T4724] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 99.409874][ T4727] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 99.468555][ T4729] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 100.899888][ T4748] netlink: 'syz.2.135': attribute type 3 has an invalid length. [ 100.949676][ T4747] syz.0.134 uses obsolete (PF_INET,SOCK_PACKET) [ 101.669263][ T4757] device bridge3 entered promiscuous mode [ 103.133245][ T4780] loop4: detected capacity change from 0 to 2048 [ 103.208067][ T4780] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 103.257403][ T4290] udevd[4290]: incorrect nilfs2 checksum on /dev/loop4 [ 103.448786][ T4785] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 104.330168][ T4794] loop4: detected capacity change from 0 to 128 [ 104.488483][ T4794] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 104.541115][ T4794] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.554415][ T4805] device bridge1 entered promiscuous mode [ 105.569931][ T4805] Zero length message leads to an empty skb [ 106.836239][ T4820] delete_channel: no stack [ 106.843321][ T4820] loop4: detected capacity change from 0 to 22 [ 106.913077][ T4820] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 106.923714][ T4820] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 107.198785][ T4824] loop2: detected capacity change from 0 to 512 [ 107.688129][ T4824] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 107.872521][ T4824] ext4 filesystem being mounted at /30/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.494275][ T4842] loop1: detected capacity change from 0 to 128 [ 110.194978][ T4857] loop1: detected capacity change from 0 to 512 [ 110.326693][ T4859] loop4: detected capacity change from 0 to 512 [ 110.336205][ T4857] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 110.401914][ T4857] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 110.430823][ T4859] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 110.496570][ T4857] EXT4-fs error (device loop1): ext4_do_update_inode:5218: inode #2: comm syz.1.166: corrupted inode contents [ 110.511163][ T4859] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.602171][ T4857] EXT4-fs error (device loop1): ext4_dirty_inode:6054: inode #2: comm syz.1.166: mark_inode_dirty error [ 110.684014][ T4857] EXT4-fs error (device loop1): ext4_do_update_inode:5218: inode #2: comm syz.1.166: corrupted inode contents [ 110.751138][ T4857] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.166: mark_inode_dirty error [ 110.775750][ T4870] loop4: detected capacity change from 0 to 1024 [ 110.866212][ T4870] EXT4-fs (loop4): Ignoring removed oldalloc option [ 110.909865][ T4870] EXT4-fs (loop4): Ignoring removed bh option [ 110.928368][ T4870] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 111.156227][ T4870] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,usrquota,data_err=ignore,mb_optimize_scan=0x0000000000000001,oldalloc,grpquota,noload,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 112.202620][ T4870] netlink: 24 bytes leftover after parsing attributes in process `syz.4.170'. [ 112.604805][ T21] kernel write not supported for file bpf-prog (pid: 21 comm: kworker/1:0) [ 112.694663][ T4895] loop4: detected capacity change from 0 to 128 [ 116.138948][ T4938] loop3: detected capacity change from 0 to 512 [ 116.221055][ T4938] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 116.302463][ T4938] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 116.406881][ T4938] EXT4-fs (loop3): orphan cleanup on readonly fs [ 116.526720][ T4938] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.190: bg 0: block 248: padding at end of block bitmap is not set [ 116.588552][ T4938] Quota error (device loop3): write_blk: dquota write failed [ 116.596488][ T4938] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 116.607292][ T4938] EXT4-fs error (device loop3): ext4_acquire_dquot:6209: comm syz.3.190: Failed to acquire dquot type 1 [ 116.624360][ T4946] device bridge1 entered promiscuous mode [ 116.638849][ T4938] EXT4-fs (loop3): 1 truncate cleaned up [ 116.653295][ T4938] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,nolazytime,noblock_validity,grpjquota=,bsdgroups,jqfmt=vfsold,auto_da_alloc,nogrpid,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 116.680458][ T4938] EXT4-fs (loop3): shut down requested (0) [ 118.298441][ T4968] ODEBUG: Out of memory. ODEBUG disabled [ 119.946145][ T4977] delete_channel: no stack [ 119.962396][ T4977] loop3: detected capacity change from 0 to 22 [ 119.995912][ T4977] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 120.011862][ T4977] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 122.036359][ T5000] device geneve2 entered promiscuous mode [ 123.550779][ T5021] loop3: detected capacity change from 0 to 512 [ 123.638858][ T5021] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 123.716778][ T5023] delete_channel: no stack [ 123.733292][ T5023] loop4: detected capacity change from 0 to 22 [ 123.812569][ T5021] EXT4-fs (loop3): Ignoring removed bh option [ 123.840272][ T5021] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 123.866221][ T5023] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 123.916394][ T5023] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 124.475240][ T5021] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.215: invalid indirect mapped block 256 (level 2) [ 124.503707][ T5021] EXT4-fs (loop3): 2 truncates cleaned up [ 124.509565][ T5021] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,dioread_nolock,quota,journal_ioprio=0x0000000000000005,jqfmt=vfsv1,bh,inode_readahead_blks=0x0000000002000000,min_batch_time=0x0000000000000008,,errors=continue. Quota mode: writeback. [ 124.652735][ T5021] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.215: bg 0: block 5: invalid block bitmap [ 124.715130][ T5021] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 124.771701][ T5021] EXT4-fs (loop3): This should not happen!! Data will be lost [ 124.771701][ T5021] [ 124.835618][ T5021] EXT4-fs (loop3): Total free blocks count 0 [ 124.841666][ T5021] EXT4-fs (loop3): Free/Dirty block details [ 124.942293][ T5021] EXT4-fs (loop3): free_blocks=0 [ 124.947367][ T5021] EXT4-fs (loop3): dirty_blocks=66 [ 124.982133][ T5021] EXT4-fs (loop3): Block reservation details [ 124.988182][ T5021] EXT4-fs (loop3): i_reserved_data_blocks=66 [ 125.700947][ T4413] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 125.812167][ T4413] EXT4-fs (loop3): This should not happen!! Data will be lost [ 125.812167][ T4413] [ 129.129234][ T5074] device bridge2 entered promiscuous mode [ 129.714429][ T5072] chnl_net:caif_netlink_parms(): no params data found [ 130.912860][ T13] Bluetooth: hci3: command 0x0409 tx timeout [ 130.825779][ T5072] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.963118][ T5072] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.009597][ T5098] loop3: detected capacity change from 0 to 128 [ 131.017229][ T5072] device bridge_slave_0 entered promiscuous mode [ 131.042140][ T5072] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.064920][ T5072] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.094177][ T5072] device bridge_slave_1 entered promiscuous mode [ 131.128783][ T26] audit: type=1800 audit(1768706709.006:87): pid=5098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.239" name="file2" dev="loop3" ino=1048599 res=0 errno=0 [ 131.153667][ T5098] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 550, start 00050006) [ 131.220171][ T5098] FAT-fs (loop3): Filesystem has been set read-only [ 131.233965][ T5072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.279285][ T5072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.488198][ T5072] team0: Port device team_slave_0 added [ 131.601641][ T5072] team0: Port device team_slave_1 added [ 131.731168][ T5072] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.790979][ T5072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.917552][ T5072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.947639][ T5072] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.972175][ T5072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.072125][ T5072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 132.215887][ T144] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.292501][ T5072] device hsr_slave_0 entered promiscuous mode [ 132.315940][ T5072] device hsr_slave_1 entered promiscuous mode [ 132.383561][ T5072] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 132.424576][ T5072] Cannot create hsr debugfs directory [ 132.587147][ T144] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.837303][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.843657][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.844736][ T144] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.992173][ T4188] Bluetooth: hci3: command 0x041b tx timeout [ 133.099125][ T144] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.000669][ T5072] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 134.039932][ T5072] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 134.299216][ T5072] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 134.342375][ T5072] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 135.096359][ T4188] Bluetooth: hci3: command 0x040f tx timeout [ 135.341922][ T5146] netlink: 20 bytes leftover after parsing attributes in process `syz.3.249'. [ 135.414366][ T5146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.249'. [ 135.682373][ T5072] 8021q: adding VLAN 0 to HW filter on device bond0 [ 135.744236][ T4507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 135.773206][ T4507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 135.796076][ T5159] loop0: detected capacity change from 0 to 512 [ 135.814295][ T5072] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.843083][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 135.879972][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 135.903766][ T5159] EXT4-fs (loop0): 1 truncate cleaned up [ 135.911768][ T5159] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsddf,,errors=continue. Quota mode: none. [ 135.962936][ T4273] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.970092][ T4273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.998721][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 136.023129][ T26] audit: type=1800 audit(1768706713.906:88): pid=5159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.253" name="file1" dev="loop0" ino=13 res=0 errno=0 [ 136.037458][ T5159] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.253: bg 0: block 465: padding at end of block bitmap is not set [ 136.095291][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 136.129576][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 136.154018][ T4273] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.161162][ T4273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.162435][ T5159] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 136.207312][ T5159] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.253: invalid indirect mapped block 234881024 (level 0) [ 136.239029][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 136.259836][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 136.334650][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 136.365437][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 136.380243][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 136.426459][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 136.455928][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 136.492966][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 136.967861][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 137.234946][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 137.434701][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 137.454290][ T13] Bluetooth: hci3: command 0x0419 tx timeout [ 137.558162][ T5072] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 138.914071][ T144] device hsr_slave_0 left promiscuous mode [ 138.944422][ T144] device hsr_slave_1 left promiscuous mode [ 138.962438][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.970012][ T144] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 139.023822][ T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 139.031304][ T144] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 139.083126][ T144] device bridge_slave_1 left promiscuous mode [ 139.091523][ T144] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.157803][ T144] device bridge_slave_0 left promiscuous mode [ 139.182291][ T144] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.240176][ T144] device veth1_macvtap left promiscuous mode [ 139.271523][ T144] device veth0_macvtap left promiscuous mode [ 139.293873][ T144] device veth1_vlan left promiscuous mode [ 139.299922][ T144] device veth0_vlan left promiscuous mode [ 139.472308][ T5213] netlink: 12 bytes leftover after parsing attributes in process `syz.3.263'. [ 139.495723][ T5213] netlink: 'syz.3.263': attribute type 1 has an invalid length. [ 139.518511][ T5213] netlink: 'syz.3.263': attribute type 2 has an invalid length. [ 139.529595][ T5213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.263'. [ 140.312717][ T5231] loop4: detected capacity change from 0 to 256 [ 140.544006][ T5231] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 141.156337][ T144] team0 (unregistering): Port device team_slave_1 removed [ 141.234134][ T144] team0 (unregistering): Port device team_slave_0 removed [ 141.368372][ T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.426413][ T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.781808][ T144] bond0 (unregistering): Released all slaves [ 142.001709][ T5200] netlink: 20 bytes leftover after parsing attributes in process `syz.0.260'. [ 142.107456][ T5072] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.140753][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 142.152960][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 142.232785][ T5257] loop4: detected capacity change from 0 to 512 [ 142.667410][ T5257] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 143.294649][ T5257] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 144.473234][ T5291] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 144.533353][ T5296] loop1: detected capacity change from 0 to 128 [ 144.668736][ T5296] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 144.684535][ T5296] ext4 filesystem being mounted at /64/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 144.872326][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 144.895738][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 145.113430][ T4507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 145.123320][ T4507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 145.143435][ T4507] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 145.178021][ T5312] loop0: detected capacity change from 0 to 2048 [ 145.191320][ T4507] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 145.342383][ T5072] device veth0_vlan entered promiscuous mode [ 145.411224][ T5072] device veth1_vlan entered promiscuous mode [ 145.588612][ T5312] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 145.623964][ T5072] device veth0_macvtap entered promiscuous mode [ 145.690887][ T26] audit: type=1800 audit(1768706723.566:89): pid=5312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.293" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 145.826667][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 145.852678][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 145.881416][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 145.908985][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 145.948361][ T5072] device veth1_macvtap entered promiscuous mode [ 145.986099][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 146.009320][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 146.171607][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.212076][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.232291][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.262290][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.295594][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.342079][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.392230][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.472073][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.552493][ T5072] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 146.574603][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 146.598625][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 146.629568][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.660917][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.691209][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.727107][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.825161][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.943740][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.990863][ T5072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 147.062174][ T5072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 147.114374][ T5072] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 147.179483][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 147.213115][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 147.228423][ T5072] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.250347][ T5072] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.269541][ T5072] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 147.282566][ T5072] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.522681][ T5344] netlink: 4 bytes leftover after parsing attributes in process `syz.3.299'. [ 148.739973][ T4479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.772419][ T4479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.784723][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 148.926591][ T1275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.945424][ T5357] loop3: detected capacity change from 0 to 512 [ 148.986453][ T1275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.013824][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 149.018610][ T5357] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 149.122125][ T5357] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 149.424535][ T5357] EXT4-fs (loop3): 1 orphan inode deleted [ 149.448930][ T5357] EXT4-fs (loop3): 1 truncate cleaned up [ 149.462237][ T5357] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 149.706802][ T5376] loop5: detected capacity change from 0 to 512 [ 149.892416][ T5376] EXT4-fs (loop5): mounted filesystem without journal. Opts: lazytime,errors=remount-ro,. Quota mode: writeback. [ 149.912333][ T5376] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.292281][ T5415] loop1: detected capacity change from 0 to 128 [ 153.284904][ T5434] device bridge2 entered promiscuous mode [ 158.220689][ T5520] loop4: detected capacity change from 0 to 512 [ 158.404309][ T5520] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 158.698916][ T5520] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 159.789671][ T5567] device bridge1 entered promiscuous mode [ 163.609585][ T5628] loop1: detected capacity change from 0 to 128 [ 166.050425][ T5675] loop4: detected capacity change from 0 to 128 [ 166.227902][ T5679] loop3: detected capacity change from 0 to 128 [ 166.277226][ T26] audit: type=1800 audit(1768706744.156:90): pid=5675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.371" name="bus" dev="loop4" ino=1048607 res=0 errno=0 [ 166.363720][ T5682] loop1: detected capacity change from 0 to 512 [ 166.634037][ T5682] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 166.705386][ T5682] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 169.010814][ T5728] device bridge4 entered promiscuous mode [ 170.953509][ T5741] loop5: detected capacity change from 0 to 256 [ 171.087144][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.125477][ T5741] FAT-fs (loop5): Filesystem has been set read-only [ 171.163057][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.222536][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.258967][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.299103][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.332243][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.341010][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.392292][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.421485][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.458543][ T5741] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 171.512523][ T26] audit: type=1800 audit(1768706749.396:91): pid=5741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.384" name="file1" dev="loop5" ino=1048610 res=0 errno=0 [ 171.539657][ T5741] syz.5.384 (5741) used greatest stack depth: 18864 bytes left [ 171.678670][ T5754] loop3: detected capacity change from 0 to 128 [ 171.766840][ T5757] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x5 [ 173.710834][ T5787] device bridge5 entered promiscuous mode [ 176.112545][ T5816] sctp: [Deprecated]: syz.3.397 (pid 5816) Use of struct sctp_assoc_value in delayed_ack socket option. [ 176.112545][ T5816] Use struct sctp_sack_info instead [ 176.319716][ T5823] loop3: detected capacity change from 0 to 128 [ 179.072561][ T5864] netlink: 'syz.1.404': attribute type 13 has an invalid length. [ 179.130331][ T5864] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 179.144770][ T5864] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 179.154555][ T5864] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 180.695636][ T5899] loop1: detected capacity change from 0 to 512 [ 180.796430][ T5899] EXT4-fs (loop1): Ignoring removed nobh option [ 181.005704][ T5899] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,nobh,,errors=continue. Quota mode: writeback. [ 181.051380][ T5899] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 181.884234][ T5936] netlink: 'syz.1.421': attribute type 3 has an invalid length. [ 184.841345][ T6003] loop4: detected capacity change from 0 to 512 [ 184.863580][ T6004] loop5: detected capacity change from 0 to 256 [ 185.006626][ T6003] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 185.072314][ T6003] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.320440][ T4188] Bluetooth: hci1: command 0x0406 tx timeout [ 186.326727][ T4188] Bluetooth: hci0: command 0x0406 tx timeout [ 186.333094][ T4188] Bluetooth: hci4: command 0x0406 tx timeout [ 186.339155][ T4188] Bluetooth: hci2: command 0x0406 tx timeout [ 186.530054][ T6049] loop4: detected capacity change from 0 to 512 [ 186.605049][ T6049] EXT4-fs (loop4): Ignoring removed nobh option [ 186.626420][ T6049] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 186.692214][ T6054] loop5: detected capacity change from 0 to 2048 [ 186.733974][ T6049] EXT4-fs (loop4): 1 truncate cleaned up [ 186.739682][ T6049] EXT4-fs (loop4): mounted filesystem without journal. Opts: i_version,nodiscard,nobh,lazytime,jqfmt=vfsold,quota,,errors=continue. Quota mode: writeback. [ 186.787104][ T6054] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 186.847623][ T26] audit: type=1800 audit(1768706764.726:92): pid=6049 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.451" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 186.884889][ T4351] udevd[4351]: incorrect nilfs2 checksum on /dev/loop5 [ 186.886782][ T6060] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 187.670333][ T6071] loop4: detected capacity change from 0 to 2048 [ 188.031960][ T4290] Alternate GPT is invalid, using primary GPT. [ 188.160089][ T4290] loop4: p2 p3 p7 [ 188.380233][ T6075] device bridge3 entered promiscuous mode [ 188.578666][ T6071] Alternate GPT is invalid, using primary GPT. [ 188.603499][ T6071] loop4: p2 p3 p7 [ 189.022330][ T4351] udevd[4351]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 189.036737][ T4304] udevd[4304]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 189.082860][ T4290] udevd[4290]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 189.136868][ T4351] udevd[4351]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 189.150153][ T4304] udevd[4304]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 189.175659][ T4290] udevd[4290]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 189.225895][ T4351] udevd[4351]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 189.239770][ T4304] udevd[4304]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 189.262557][ T4290] udevd[4290]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 189.760346][ T6108] loop5: detected capacity change from 0 to 2048 [ 189.906771][ T6108] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 189.994056][ T6114] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 191.277096][ T6126] loop1: detected capacity change from 0 to 512 [ 191.383519][ T6126] EXT4-fs (loop1): orphan cleanup on readonly fs [ 191.418013][ T6126] Quota error (device loop1): v2_read_file_info: Block with free entry too big (9 >= 6). [ 191.454297][ T6133] loop0: detected capacity change from 0 to 1024 [ 191.475302][ T6126] EXT4-fs warning (device loop1): ext4_enable_quotas:6461: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 191.547464][ T6126] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 191.568055][ T6126] EXT4-fs error (device loop1): __ext4_iget:4908: inode #14: block 1886221359: comm syz.1.475: invalid block [ 191.589662][ T6126] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.475: couldn't read orphan inode 14 (err -117) [ 191.608802][ T6126] EXT4-fs (loop1): 1 truncate cleaned up [ 191.618811][ T6126] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 191.631889][ T6133] EXT4-fs (loop0): mounted filesystem without journal. Opts: acl,,errors=continue. Quota mode: none. [ 191.731658][ T6140] loop5: detected capacity change from 0 to 512 [ 191.760102][ T6140] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.480: inode has both inline data and extents flags [ 191.775908][ T6140] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.480: couldn't read orphan inode 15 (err -117) [ 191.795529][ T6140] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 191.851702][ T6143] loop1: detected capacity change from 0 to 512 [ 191.890251][ T6143] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 191.920527][ T6143] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 192.050309][ T6143] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 192.083212][ T6143] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 192.093574][ T6143] System zones: 0-2, 18-18, 34-35 [ 192.117861][ T6143] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 192.266595][ T6146] device bridge2 entered promiscuous mode [ 192.395245][ T6153] netlink: 24 bytes leftover after parsing attributes in process `syz.0.482'. [ 193.551099][ T6164] loop1: detected capacity change from 0 to 2048 [ 193.643663][ T6164] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 193.702338][ T6170] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 194.202521][ T6179] loop3: detected capacity change from 0 to 512 [ 194.458635][ T6187] device bridge1 entered promiscuous mode [ 194.505142][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.511650][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.630684][ T6179] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,usrquota,grpquota,,errors=continue. Quota mode: writeback. [ 194.685819][ T6179] ext4 filesystem being mounted at /117/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 196.799660][ T6221] loop1: detected capacity change from 0 to 2048 [ 196.948959][ T6221] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 196.982240][ T6227] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 197.959073][ T6247] netlink: 28 bytes leftover after parsing attributes in process `syz.5.515'. [ 199.793159][ T6269] loop1: detected capacity change from 0 to 2048 [ 199.926598][ T6269] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 200.002879][ T6274] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 200.018883][ T4290] udevd[4290]: incorrect nilfs2 checksum on /dev/loop1 [ 201.295564][ T6291] netlink: 196 bytes leftover after parsing attributes in process `syz.0.528'. [ 201.895068][ T6305] loop0: detected capacity change from 0 to 8192 [ 202.000165][ T6311] syz.5.535 sent an empty control message without MSG_MORE. [ 203.274723][ T6330] loop5: detected capacity change from 0 to 512 [ 203.326147][ T6330] EXT4-fs (loop5): inline encryption not supported [ 203.361332][ T6330] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 203.399844][ T6330] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00fc11c, mo2=0002] [ 203.438827][ T6330] System zones: 1-12 [ 203.525358][ T6330] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2229: inode #15: comm syz.5.542: corrupted in-inode xattr [ 203.575388][ T6330] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.542: couldn't read orphan inode 15 (err -117) [ 203.654083][ T6330] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,grpid,inlinecrypt,grpid,noauto_da_alloc,commit=0x0000000000000005,quota,debug,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: writeback. [ 203.904643][ T6362] netlink: 72 bytes leftover after parsing attributes in process `syz.1.546'. [ 203.966785][ T6362] netlink: 8 bytes leftover after parsing attributes in process `syz.1.546'. [ 204.104412][ T6368] loop1: detected capacity change from 0 to 128 [ 204.245431][ T6368] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,nodelalloc,,errors=continue. Quota mode: writeback. [ 204.268579][ T6368] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 204.613930][ T6376] loop4: detected capacity change from 0 to 2048 [ 204.843114][ T6376] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 204.865086][ T4351] udevd[4351]: incorrect nilfs2 checksum on /dev/loop4 [ 204.953748][ T4351] udevd[4351]: incorrect nilfs2 checksum on /dev/loop4 [ 205.010882][ T6388] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 205.285820][ T6394] loop1: detected capacity change from 0 to 128 [ 205.424179][ T6396] loop5: detected capacity change from 0 to 2048 [ 205.538797][ T6396] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 205.612222][ T26] audit: type=1800 audit(1768706783.496:93): pid=6396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.557" name="bus" dev="loop5" ino=18 res=0 errno=0 [ 205.739808][ T6404] loop3: detected capacity change from 0 to 136 [ 207.292515][ T6430] loop1: detected capacity change from 0 to 256 [ 207.401445][ T6430] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 207.821178][ T6440] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 208.037680][ T6446] loop1: detected capacity change from 0 to 2048 [ 208.078445][ T6446] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 208.113486][ T4290] udevd[4290]: incorrect nilfs2 checksum on /dev/loop1 [ 208.141525][ T6449] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 209.163368][ T6462] netlink: 14 bytes leftover after parsing attributes in process `syz.5.580'. [ 209.741918][ T6473] device gre0 entered promiscuous mode [ 210.174679][ T6479] delete_channel: no stack [ 210.214717][ T6479] loop0: detected capacity change from 0 to 22 [ 210.293222][ T6479] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 210.428196][ T6479] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 211.037620][ T6487] loop1: detected capacity change from 0 to 2048 [ 211.174731][ T6492] loop5: detected capacity change from 0 to 128 [ 211.200134][ T6487] NILFS (loop1): invalid segment: Inconsistency found [ 211.221471][ T6487] NILFS (loop1): trying rollback from an earlier position [ 211.274808][ T6487] NILFS (loop1): recovery complete [ 211.321793][ T6493] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 211.992961][ T6499] loop4: detected capacity change from 0 to 1024 [ 212.153028][ T6499] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 212.222649][ T6499] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3871: comm syz.4.596: Allocating blocks 385-513 which overlap fs metadata [ 212.274866][ T6512] loop5: detected capacity change from 0 to 2048 [ 212.298662][ T6512] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 212.324423][ T4290] udevd[4290]: incorrect nilfs2 checksum on /dev/loop5 [ 212.348339][ T6498] EXT4-fs (loop4): pa ffff8880601da460: logic 16, phys. 129, len 24 [ 212.357314][ T6498] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4888: group 0, free 0, pa_free 8 [ 212.373698][ T6514] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 213.008825][ T6520] device syzkaller0 entered promiscuous mode [ 214.122764][ T6557] loop1: detected capacity change from 0 to 128 [ 214.423968][ T6562] delete_channel: no stack [ 214.443954][ T6562] loop3: detected capacity change from 0 to 22 [ 215.055590][ T6565] device ip6gre1 entered promiscuous mode [ 215.184323][ T6562] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 215.286594][ T6562] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 215.309159][ T6568] loop1: detected capacity change from 0 to 256 [ 216.388528][ T6582] loop4: detected capacity change from 0 to 512 [ 216.504417][ T6587] loop5: detected capacity change from 0 to 512 [ 216.525929][ T6590] loop0: detected capacity change from 0 to 512 [ 216.541247][ T6592] loop1: detected capacity change from 0 to 128 [ 216.559565][ T6582] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 216.587541][ T6587] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 216.637097][ T6582] EXT4-fs (loop4): 1 truncate cleaned up [ 216.667290][ T6587] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.679541][ T6582] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier=0x0000000000000101,nobarrier,,errors=continue. Quota mode: none. [ 216.709409][ T6587] EXT4-fs warning (device loop5): ext4_resize_fs:1981: can't read last block, resize aborted [ 216.721669][ T6582] EXT4-fs error (device loop4): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.4.623: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 216.721863][ T6590] EXT4-fs (loop0): mounted filesystem without journal. Opts: nojournal_checksum,,errors=continue. Quota mode: writeback. [ 216.758882][ T6582] EXT4-fs error (device loop4) in ext4_delete_entry:2800: Corrupt filesystem [ 216.889438][ T6582] EXT4-fs warning (device loop4): ext4_rename_delete:3792: inode #2: comm syz.4.623: Deleting old file: nlink 4, error=-117 [ 216.967552][ T26] audit: type=1800 audit(1768706794.846:94): pid=6590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.627" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 217.480302][ T4185] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 218.169856][ T6618] loop0: detected capacity change from 0 to 2048 [ 218.207356][ T6618] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 218.262837][ T4414] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.278439][ T4351] udevd[4351]: incorrect nilfs2 checksum on /dev/loop0 [ 218.308937][ T6619] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 218.489730][ T4414] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.580962][ T4414] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.692753][ T4414] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.031373][ T6631] loop5: detected capacity change from 0 to 2048 [ 219.177607][ T6631] NILFS (loop5): invalid segment: Inconsistency found [ 219.188297][ T6631] NILFS (loop5): trying rollback from an earlier position [ 219.247332][ T6631] NILFS (loop5): recovery complete [ 219.280566][ T6641] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 219.547874][ T6630] chnl_net:caif_netlink_parms(): no params data found [ 219.667503][ T6630] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.677267][ T6630] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.755026][ T6630] device bridge_slave_0 entered promiscuous mode [ 219.789263][ T6630] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.827163][ T6630] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.908627][ T6630] device bridge_slave_1 entered promiscuous mode [ 220.200625][ T6673] device bridge3 entered promiscuous mode [ 220.214615][ T6630] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.255019][ T6630] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.374032][ T6679] loop3: detected capacity change from 0 to 512 [ 220.581692][ T6630] team0: Port device team_slave_0 added [ 220.609158][ T6679] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,mb_optimize_scan=0x0000000000000001,stripe=0x0000000000000005,,errors=continue. Quota mode: writeback. [ 220.661416][ T6679] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.680461][ T6630] team0: Port device team_slave_1 added [ 220.934737][ T6630] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.040828][ T6693] loop5: detected capacity change from 0 to 512 [ 221.041713][ T4255] Bluetooth: hci0: command 0x0409 tx timeout [ 221.054436][ T6630] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.081486][ T6630] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.127957][ T6630] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.139572][ T6630] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.167959][ T6630] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.224640][ T6693] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2229: inode #15: comm syz.5.650: corrupted in-inode xattr [ 221.328920][ T6693] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.650: couldn't read orphan inode 15 (err -117) [ 221.375276][ T6693] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,inode_readahead_blks=0x0000000004000000,abort,noload,delalloc,max_batch_time=0x0000000000000001,init_itable=0x0000000000000601,inode_readahead_blks=0x0000000000000800,bsdgroups,init_itable=0x0000000000000fff,,errors=continue. Quota mode: none. [ 221.437421][ T4414] device hsr_slave_0 left promiscuous mode [ 221.513954][ T4414] device hsr_slave_1 left promiscuous mode [ 221.543530][ T4414] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.551162][ T4414] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.566599][ T4414] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.577443][ T4414] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.614584][ T4414] device bridge_slave_1 left promiscuous mode [ 221.631527][ T4414] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.658778][ T4414] device bridge_slave_0 left promiscuous mode [ 221.670213][ T4414] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.780849][ T6710] loop3: detected capacity change from 0 to 2048 [ 222.343283][ T6710] NILFS (loop3): invalid segment: Inconsistency found [ 222.512673][ T6710] NILFS (loop3): trying rollback from an earlier position [ 222.527646][ T6710] NILFS (loop3): recovery complete [ 222.568964][ T4414] device veth1_macvtap left promiscuous mode [ 222.578412][ T4414] device veth0_macvtap left promiscuous mode [ 222.617407][ T6724] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 222.633241][ T4414] device veth1_vlan left promiscuous mode [ 223.821500][ T6725] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 223.958932][ T13] Bluetooth: hci0: command 0x041b tx timeout [ 224.010027][ T4414] device veth0_vlan left promiscuous mode [ 224.306933][ T6732] loop5: detected capacity change from 0 to 2048 [ 224.510840][ T6732] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 224.616622][ T4290] udevd[4290]: incorrect nilfs2 checksum on /dev/loop5 [ 224.662181][ T6743] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 225.101428][ T4414] team0 (unregistering): Port device team_slave_1 removed [ 225.157389][ T4414] team0 (unregistering): Port device team_slave_0 removed [ 225.213279][ T4414] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.230699][ T4414] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.344122][ T4414] bond0 (unregistering): Released all slaves [ 225.408723][ T6739] device bridge3 entered promiscuous mode [ 225.488540][ T6630] device hsr_slave_0 entered promiscuous mode [ 225.504947][ T6630] device hsr_slave_1 entered promiscuous mode [ 225.514425][ T6630] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 225.522595][ T6630] Cannot create hsr debugfs directory [ 225.609395][ T6755] netlink: 28 bytes leftover after parsing attributes in process `syz.3.665'. [ 225.758012][ T6763] loop1: detected capacity change from 0 to 128 [ 227.422602][ T7] Bluetooth: hci0: command 0x040f tx timeout [ 227.541747][ T6770] delete_channel: no stack [ 227.548265][ T6770] loop0: detected capacity change from 0 to 22 [ 227.622673][ T6770] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 227.632310][ T6770] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 227.755143][ T6630] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 227.799388][ T6778] loop1: detected capacity change from 0 to 2048 [ 227.815275][ T6630] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 227.881933][ T6630] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 227.928754][ T6778] NILFS (loop1): invalid segment: Inconsistency found [ 227.946373][ T6630] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 227.970265][ T6778] NILFS (loop1): trying rollback from an earlier position [ 228.044232][ T6778] NILFS (loop1): recovery complete [ 228.093251][ T6791] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 228.771466][ T6804] ieee802154 phy0 wpan0: encryption failed: -22 [ 228.821096][ T6630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.879578][ T6350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.918014][ T6350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.999297][ T6630] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.039251][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.068610][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.193010][ T4479] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.200148][ T4479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.392564][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.426304][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.472351][ T6729] Bluetooth: hci0: command 0x0419 tx timeout [ 229.503613][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.555236][ T6823] loop1: detected capacity change from 0 to 128 [ 229.563839][ T4479] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.570980][ T4479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.674878][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.714207][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.723337][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.733451][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.742592][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.751419][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.762572][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.800187][ T6630] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 229.847720][ T6630] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.930552][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.947154][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.963748][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.972738][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.989508][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 230.629580][ T6836] loop3: detected capacity change from 0 to 512 [ 230.646601][ T6833] device syzkaller0 entered promiscuous mode [ 230.752367][ T6836] EXT4-fs (loop3): Ignoring removed bh option [ 230.836918][ T6836] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 230.932924][ T6836] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 231.022202][ T6836] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 231.082049][ T6836] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 231.184928][ T6836] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bh,noblock_validity,,errors=continue. Quota mode: none. [ 231.212172][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 231.219656][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 231.309763][ T6630] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.173808][ T6890] loop0: detected capacity change from 0 to 128 [ 232.339872][ T6883] delete_channel: no stack [ 232.346184][ T6883] loop3: detected capacity change from 0 to 22 [ 232.695887][ T6883] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 232.792043][ T6883] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 233.243850][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 233.265282][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 233.635607][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 233.661511][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 233.698090][ T6630] device veth0_vlan entered promiscuous mode [ 233.727974][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 233.759312][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 233.787264][ T6630] device veth1_vlan entered promiscuous mode [ 233.825417][ T6908] device syzkaller0 entered promiscuous mode [ 233.880595][ T6916] loop1: detected capacity change from 0 to 1024 [ 233.930149][ T6916] EXT4-fs (loop1): Ignoring removed bh option [ 233.963971][ T6916] EXT4-fs (loop1): inline encryption not supported [ 234.029591][ T6630] device veth0_macvtap entered promiscuous mode [ 234.053596][ T6916] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 234.067726][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 234.088328][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 234.109474][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 234.127385][ T6916] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 2: comm syz.1.697: lblock 2 mapped to illegal pblock 2 (length 1) [ 234.167475][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 234.223120][ T6916] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 234.231289][ T6916] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 48: comm syz.1.697: lblock 0 mapped to illegal pblock 48 (length 1) [ 234.245179][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 234.293154][ T6916] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 234.315259][ T6630] device veth1_macvtap entered promiscuous mode [ 234.352719][ T6916] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.697: Failed to acquire dquot type 0 [ 234.375269][ T6916] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5850: Corrupt filesystem [ 234.417929][ T6916] EXT4-fs error (device loop1): ext4_evict_inode:282: inode #11: comm syz.1.697: mark_inode_dirty error [ 234.478000][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 234.514060][ T6916] EXT4-fs warning (device loop1): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 234.531129][ T6916] EXT4-fs (loop1): 1 orphan inode deleted [ 234.537289][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.544732][ T6916] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x00000000000008c9,debug,inlinecrypt,,errors=continue. Quota mode: writeback. [ 234.572329][ T1275] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 234.638665][ T6935] loop3: detected capacity change from 0 to 128 [ 234.646651][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.658652][ T6916] EXT4-fs (loop1): re-mounted. Opts: . Quota mode: writeback. [ 234.669963][ T1275] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 234.679230][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.713365][ T6916] EXT4-fs error (device loop1): __ext4_get_inode_loc:4327: comm syz.1.697: Invalid inode table block 1 in block_group 0 [ 234.728947][ T1275] EXT4-fs error (device loop1): ext4_release_dquot:6245: comm kworker/u4:4: Failed to release dquot type 0 [ 234.752085][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.768812][ T6916] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5850: Corrupt filesystem [ 234.802078][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.842116][ T6916] EXT4-fs error (device loop1): ext4_setattr:5479: inode #2: comm syz.1.697: mark_inode_dirty error [ 234.859279][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.869474][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.880577][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.905536][ T6630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.291082][ T6346] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:26: lblock 1 mapped to illegal pblock 1 (length 1) [ 236.352572][ T6346] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 236.398188][ T6346] EXT4-fs error (device loop1): ext4_release_dquot:6245: comm kworker/u4:26: Failed to release dquot type 0 [ 236.431484][ T4186] EXT4-fs error (device loop1): __ext4_get_inode_loc:4327: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 236.469840][ T4186] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5850: Corrupt filesystem [ 236.501753][ T4186] EXT4-fs error (device loop1): ext4_quota_off:6515: inode #3: comm syz-executor: mark_inode_dirty error [ 236.592133][ T6350] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 236.601105][ T6350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 236.666656][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.707726][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.719003][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.729881][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.740065][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.750901][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.761256][ T6630] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.772741][ T6630] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.827959][ T6953] loop3: detected capacity change from 0 to 128 [ 236.851947][ T6630] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.935977][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 236.955938][ T4479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 236.995378][ T6630] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.034521][ T6630] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.059468][ T6630] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.092334][ T6630] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.156610][ T6959] loop1: detected capacity change from 0 to 512 [ 237.308430][ T6959] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 237.322497][ T6959] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 237.358699][ T6333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.386954][ T6962] loop3: detected capacity change from 0 to 2048 [ 237.400359][ T6333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.425694][ T6959] EXT4-fs (loop1): orphan cleanup on readonly fs [ 237.462337][ T6959] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.707: bg 0: block 248: padding at end of block bitmap is not set [ 237.540409][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 237.559438][ T6962] NILFS (loop3): invalid segment: Inconsistency found [ 237.600198][ T4479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.632252][ T6962] NILFS (loop3): trying rollback from an earlier position [ 237.644542][ T6959] Quota error (device loop1): write_blk: dquota write failed [ 237.663455][ T6959] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 237.694206][ T4479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.705361][ T6962] NILFS (loop3): recovery complete [ 237.725393][ T6971] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 237.737558][ T6333] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 237.746795][ T6959] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.707: Failed to acquire dquot type 1 [ 237.782377][ T6959] EXT4-fs (loop1): 1 truncate cleaned up [ 237.800652][ T6959] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,nolazytime,noblock_validity,grpjquota=,bsdgroups,jqfmt=vfsold,auto_da_alloc,nogrpid,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 237.900721][ T6959] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 237.928514][ T6970] device w entered promiscuous mode [ 237.980143][ T6970] 8021q: adding VLAN 0 to HW filter on device w [ 238.010302][ T6959] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 238.057203][ T6959] ext4 filesystem being remounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.420350][ T6978] device syzkaller0 entered promiscuous mode [ 238.457326][ T6982] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 238.526011][ T6984] loop5: detected capacity change from 0 to 512 [ 238.641577][ T6984] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.712: bad orphan inode 15 [ 238.715381][ T6996] loop3: detected capacity change from 0 to 128 [ 238.737766][ T6984] ext4_test_bit(bit=14, block=5) = 0 [ 238.745019][ T6984] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,init_itable,journal_dev=0x0000000000000003,grpid,journal_ioprio=0x0000000000000002,journal_ioprio=0x0000000000000003,nolazytime,noload,,errors=continue. Quota mode: none. [ 240.829764][ T7017] loop3: detected capacity change from 0 to 256 [ 240.908174][ T7018] loop0: detected capacity change from 0 to 128 [ 241.006639][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.027062][ T7017] FAT-fs (loop3): Filesystem has been set read-only [ 241.039522][ T7019] delete_channel: no stack [ 241.040274][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.056127][ T7019] loop1: detected capacity change from 0 to 22 [ 241.107217][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.132297][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.151489][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.170981][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.190238][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.211157][ T7025] loop5: detected capacity change from 0 to 2048 [ 241.233049][ T7019] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 241.264933][ T7019] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 241.287011][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.296291][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.305180][ T7017] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 241.317697][ T26] audit: type=1800 audit(1768706819.196:95): pid=7017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.721" name="file1" dev="loop3" ino=1048622 res=0 errno=0 [ 241.354182][ T7025] NILFS (loop5): invalid segment: Inconsistency found [ 241.382115][ T7025] NILFS (loop5): trying rollback from an earlier position [ 241.425148][ T7025] NILFS (loop5): recovery complete [ 241.440704][ T7028] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 242.079318][ T7034] loop3: detected capacity change from 0 to 128 [ 243.551168][ T7053] loop1: detected capacity change from 0 to 8192 [ 243.685393][ T7053] loop1: p3 p4 [ 243.717052][ T7053] loop1: partition table partially beyond EOD, truncated [ 243.776572][ T7053] loop1: p3 start 331777 is beyond EOD, truncated [ 243.836943][ T7053] loop1: p4 start 4278191616 is beyond EOD, truncated [ 244.024146][ T7088] netlink: 20 bytes leftover after parsing attributes in process `syz.6.741'. [ 244.780571][ T7108] loop3: detected capacity change from 0 to 256 [ 244.831549][ T7110] loop6: detected capacity change from 0 to 128 [ 244.952276][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 245.056046][ T7108] FAT-fs (loop3): Filesystem has been set read-only [ 245.133104][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 245.158940][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 245.283959][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 245.820353][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 245.890422][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 245.971631][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 245.994402][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.026380][ T7120] loop1: detected capacity change from 0 to 1024 [ 246.062265][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.071058][ T7108] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.118163][ T7122] loop0: detected capacity change from 0 to 2048 [ 246.128847][ T7120] EXT4-fs (loop1): Ignoring removed bh option [ 246.151194][ T7126] netlink: 32 bytes leftover after parsing attributes in process `syz.6.749'. [ 246.160575][ T26] audit: type=1800 audit(1768706824.036:96): pid=7108 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.747" name="file1" dev="loop3" ino=1048627 res=0 errno=0 [ 246.207395][ T7120] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 246.313610][ T7122] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 246.330652][ T4351] udevd[4351]: incorrect nilfs2 checksum on /dev/loop0 [ 246.354881][ T7120] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,abort,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 246.432266][ T4290] udevd[4290]: incorrect nilfs2 checksum on /dev/loop0 [ 246.511942][ T7136] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 247.397697][ T7159] loop5: detected capacity change from 0 to 128 [ 247.425678][ T7161] loop6: detected capacity change from 0 to 256 [ 248.716153][ T7174] loop0: detected capacity change from 0 to 2048 [ 248.788208][ T7174] NILFS (loop0): invalid segment: Inconsistency found [ 248.829384][ T7174] NILFS (loop0): trying rollback from an earlier position [ 248.849104][ T7174] NILFS (loop0): recovery complete [ 248.859286][ T7176] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 249.455308][ T7189] loop1: detected capacity change from 0 to 2048 [ 249.568321][ T7189] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 249.645571][ T7197] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 250.387693][ T7210] loop5: detected capacity change from 0 to 128 [ 250.661663][ T7214] delete_channel: no stack [ 250.676273][ T7214] loop1: detected capacity change from 0 to 22 [ 250.735690][ T7214] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 250.758759][ T7214] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 251.610743][ T7218] loop3: detected capacity change from 0 to 2048 [ 251.690555][ T7224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.775'. [ 252.049636][ T7218] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 252.222280][ T26] audit: type=1800 audit(1768706830.076:97): pid=7218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.776" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 252.600393][ T7244] netlink: 36 bytes leftover after parsing attributes in process `syz.3.779'. [ 252.670986][ T7244] netlink: 36 bytes leftover after parsing attributes in process `syz.3.779'. [ 252.681880][ T21] Bluetooth: hci3: command 0x0406 tx timeout [ 252.718637][ T7249] loop1: detected capacity change from 0 to 2048 [ 252.791020][ T7249] NILFS (loop1): invalid segment: Inconsistency found [ 252.833047][ T7249] NILFS (loop1): trying rollback from an earlier position [ 252.844498][ T7253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.782'. [ 252.889358][ T7249] NILFS (loop1): recovery complete [ 252.923620][ T7255] loop0: detected capacity change from 0 to 2048 [ 253.067392][ T7256] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 253.111194][ T7255] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 253.157632][ T7267] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 254.820373][ T7291] loop5: detected capacity change from 0 to 128 [ 254.897288][ T7291] attempt to access beyond end of device [ 254.897288][ T7291] loop5: rw=2049, want=250, limit=128 [ 255.012623][ T7297] attempt to access beyond end of device [ 255.012623][ T7297] loop5: rw=2049, want=144, limit=128 [ 255.113507][ T7297] Buffer I/O error on dev loop5, logical block 71, lost async page write [ 255.124409][ T7301] loop0: detected capacity change from 0 to 2048 [ 255.139630][ T7303] loop6: detected capacity change from 0 to 2048 [ 255.230865][ T7301] NILFS (loop0): invalid segment: Inconsistency found [ 255.255174][ T7301] NILFS (loop0): trying rollback from an earlier position [ 255.275805][ T7301] NILFS (loop0): recovery complete [ 255.277148][ T7303] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 255.350534][ T7308] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 255.622574][ T26] audit: type=1800 audit(1768706833.496:98): pid=7303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.795" name="bus" dev="loop6" ino=18 res=0 errno=0 [ 255.729301][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.743614][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.487637][ T7320] loop6: detected capacity change from 0 to 2048 [ 256.645331][ T7320] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 256.661790][ T7331] loop3: detected capacity change from 0 to 128 [ 256.693155][ T7333] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 256.921890][ T7331] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000006f) [ 256.944064][ T7331] FAT-fs (loop3): Filesystem has been set read-only [ 257.549548][ T7351] tmpfs: Unknown parameter 'noswap' [ 257.561565][ T7349] loop5: detected capacity change from 0 to 512 [ 257.687164][ T7349] EXT4-fs (loop5): Ignoring removed bh option [ 257.750093][ T7349] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,usrquota,bh,,errors=continue. Quota mode: writeback. [ 257.780077][ T7349] ext4 filesystem being mounted at /106/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 258.423664][ T7389] loop3: detected capacity change from 0 to 512 [ 258.531115][ T7389] EXT4-fs (loop3): Ignoring removed nobh option [ 258.700263][ T7389] [ 258.702666][ T7389] ====================================================== [ 258.709703][ T7389] WARNING: possible circular locking dependency detected [ 258.716750][ T7389] syzkaller #0 Not tainted [ 258.721177][ T7389] ------------------------------------------------------ [ 258.728208][ T7389] syz.3.819/7389 is trying to acquire lock: [ 258.734113][ T7389] ffff888146a64bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x20f/0x2df0 [ 258.744278][ T7389] [ 258.744278][ T7389] but task is already holding lock: [ 258.751742][ T7389] ffff888060216478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 258.761611][ T7389] [ 258.761611][ T7389] which lock already depends on the new lock. [ 258.761611][ T7389] [ 258.772040][ T7389] [ 258.772040][ T7389] the existing dependency chain (in reverse order) is: [ 258.781081][ T7389] [ 258.781081][ T7389] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 258.788685][ T7389] down_write+0x38/0x60 [ 258.793408][ T7389] ext4_destroy_inline_data+0x24/0xe0 [ 258.799352][ T7389] ext4_writepages+0x670/0x2df0 [ 258.804761][ T7389] do_writepages+0x476/0x6e0 [ 258.810009][ T7389] filemap_fdatawrite_wbc+0x1eb/0x240 [ 258.815955][ T7389] file_write_and_wait_range+0x14d/0x220 [ 258.822205][ T7389] ext4_sync_file+0x1ff/0xae0 [ 258.827441][ T7389] ext4_buffered_write_iter+0x338/0x3b0 [ 258.833538][ T7389] ext4_file_write_iter+0x74d/0x1700 [ 258.839402][ T7389] vfs_write+0x745/0xd60 [ 258.844191][ T7389] __x64_sys_pwrite64+0x19a/0x220 [ 258.849770][ T7389] do_syscall_64+0x4c/0xa0 [ 258.854731][ T7389] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 258.861211][ T7389] [ 258.861211][ T7389] -> #0 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 258.869676][ T7389] __lock_acquire+0x2c42/0x7d10 [ 258.875082][ T7389] lock_acquire+0x19e/0x400 [ 258.880139][ T7389] percpu_down_read+0x46/0x1b0 [ 258.885450][ T7389] ext4_writepages+0x20f/0x2df0 [ 258.890853][ T7389] do_writepages+0x476/0x6e0 [ 258.896008][ T7389] __writeback_single_inode+0x153/0xda0 [ 258.902093][ T7389] writeback_single_inode+0x3cb/0x8e0 [ 258.908014][ T7389] write_inode_now+0x23b/0x2c0 [ 258.913372][ T7389] iput+0x5ab/0x8a0 [ 258.917735][ T7389] ext4_xattr_set_entry+0x34f4/0x3ea0 [ 258.923658][ T7389] ext4_xattr_block_set+0x4fd/0x2d20 [ 258.929490][ T7389] ext4_expand_extra_isize_ea+0xf3b/0x1990 [ 258.935850][ T7389] __ext4_expand_extra_isize+0x301/0x3e0 [ 258.942035][ T7389] __ext4_mark_inode_dirty+0x469/0x700 [ 258.948048][ T7389] ext4_evict_inode+0xa8d/0x1090 [ 258.953535][ T7389] evict+0x4c9/0x8d0 [ 258.958165][ T7389] ext4_orphan_cleanup+0xad2/0x1320 [ 258.964002][ T7389] ext4_fill_super+0x92c9/0x9a40 [ 258.969483][ T7389] mount_bdev+0x287/0x3c0 [ 258.974357][ T7389] legacy_get_tree+0xe6/0x180 [ 258.979573][ T7389] vfs_get_tree+0x88/0x270 [ 258.984524][ T7389] do_new_mount+0x24a/0xa40 [ 258.989580][ T7389] __se_sys_mount+0x2e3/0x3d0 [ 258.994811][ T7389] do_syscall_64+0x4c/0xa0 [ 258.999788][ T7389] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 259.006232][ T7389] [ 259.006232][ T7389] other info that might help us debug this: [ 259.006232][ T7389] [ 259.016483][ T7389] Possible unsafe locking scenario: [ 259.016483][ T7389] [ 259.023947][ T7389] CPU0 CPU1 [ 259.029333][ T7389] ---- ---- [ 259.034724][ T7389] lock(&ei->xattr_sem); [ 259.039080][ T7389] lock(&sbi->s_writepages_rwsem); [ 259.046824][ T7389] lock(&ei->xattr_sem); [ 259.053691][ T7389] lock(&sbi->s_writepages_rwsem); [ 259.058915][ T7389] [ 259.058915][ T7389] *** DEADLOCK *** [ 259.058915][ T7389] [ 259.067075][ T7389] 3 locks held by syz.3.819/7389: [ 259.072118][ T7389] #0: ffff888147ace0e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x201/0x950 [ 259.082286][ T7389] #1: ffff888147ace650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x44a/0x1090 [ 259.091821][ T7389] #2: ffff888060216478 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x3e8/0x700 [ 259.102135][ T7389] [ 259.102135][ T7389] stack backtrace: [ 259.108061][ T7389] CPU: 0 PID: 7389 Comm: syz.3.819 Not tainted syzkaller #0 [ 259.115381][ T7389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 259.125563][ T7389] Call Trace: [ 259.128954][ T7389] [ 259.131932][ T7389] dump_stack_lvl+0x188/0x250 [ 259.136649][ T7389] ? load_image+0x400/0x400 [ 259.141191][ T7389] ? show_regs_print_info+0x20/0x20 [ 259.146436][ T7389] ? print_circular_bug+0x12b/0x1a0 [ 259.151669][ T7389] check_noncircular+0x296/0x330 [ 259.156654][ T7389] ? look_up_lock_class+0x71/0x110 [ 259.161934][ T7389] ? add_chain_block+0x940/0x940 [ 259.166901][ T7389] ? lockdep_lock+0xf1/0x1f0 [ 259.171520][ T7389] ? mark_lock+0x94/0x320 [ 259.175887][ T7389] ? mark_lock+0x94/0x320 [ 259.180254][ T7389] __lock_acquire+0x2c42/0x7d10 [ 259.185182][ T7389] ? finish_task_switch+0x1e4/0x640 [ 259.190419][ T7389] ? verify_lock_unused+0x140/0x140 [ 259.195640][ T7389] ? mark_lock+0x94/0x320 [ 259.199991][ T7389] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 259.205993][ T7389] ? lock_chain_count+0x20/0x20 [ 259.210886][ T7389] lock_acquire+0x19e/0x400 [ 259.215623][ T7389] ? ext4_writepages+0x20f/0x2df0 [ 259.220950][ T7389] ? __might_sleep+0xf0/0xf0 [ 259.225664][ T7389] ? read_lock_is_recursive+0x10/0x10 [ 259.231677][ T7389] ? mark_lock+0x94/0x320 [ 259.236034][ T7389] ? __lock_acquire+0x13bc/0x7d10 [ 259.241108][ T7389] percpu_down_read+0x46/0x1b0 [ 259.246103][ T7389] ? ext4_writepages+0x20f/0x2df0 [ 259.251335][ T7389] ext4_writepages+0x20f/0x2df0 [ 259.256235][ T7389] ? verify_lock_unused+0x140/0x140 [ 259.261472][ T7389] ? mark_lock+0x94/0x320 [ 259.265828][ T7389] ? ext4_readpage+0x2e0/0x2e0 [ 259.270618][ T7389] ? __lock_acquire+0x13bc/0x7d10 [ 259.275668][ T7389] ? __lock_acquire+0x7d10/0x7d10 [ 259.280728][ T7389] ? __lock_acquire+0x7d10/0x7d10 [ 259.285779][ T7389] ? do_raw_spin_lock+0x128/0x2f0 [ 259.290829][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 259.297618][ T7389] ? ext4_readpage+0x2e0/0x2e0 [ 259.302432][ T7389] do_writepages+0x476/0x6e0 [ 259.307059][ T7389] ? __writepage+0x130/0x130 [ 259.312205][ T7389] ? writeback_single_inode+0x3c0/0x8e0 [ 259.317790][ T7389] ? __lock_acquire+0x7d10/0x7d10 [ 259.322839][ T7389] ? do_raw_spin_lock+0x128/0x2f0 [ 259.327896][ T7389] __writeback_single_inode+0x153/0xda0 [ 259.333474][ T7389] writeback_single_inode+0x3cb/0x8e0 [ 259.338880][ T7389] ? write_inode_now+0x2c0/0x2c0 [ 259.343866][ T7389] write_inode_now+0x23b/0x2c0 [ 259.348661][ T7389] ? bdi_split_work_to_wbs+0x8a0/0x8a0 [ 259.354153][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 259.359380][ T7389] iput+0x5ab/0x8a0 [ 259.363224][ T7389] ext4_xattr_set_entry+0x34f4/0x3ea0 [ 259.368635][ T7389] ? ext4_xattr_ibody_set+0x330/0x330 [ 259.374032][ T7389] ? __ext4_journal_get_write_access+0x2ea/0x6e0 [ 259.380394][ T7389] ? __might_sleep+0xf0/0xf0 [ 259.385023][ T7389] ? ext4_xattr_block_set+0xc2/0x2d20 [ 259.390576][ T7389] ext4_xattr_block_set+0x4fd/0x2d20 [ 259.395897][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 259.401125][ T7389] ? __getblk_gfp+0x52/0xb60 [ 259.405746][ T7389] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 259.411510][ T7389] ? ext4_xattr_block_find+0x500/0x500 [ 259.417020][ T7389] ? ext4_xattr_block_find+0x433/0x500 [ 259.422517][ T7389] ext4_expand_extra_isize_ea+0xf3b/0x1990 [ 259.428361][ T7389] __ext4_expand_extra_isize+0x301/0x3e0 [ 259.434061][ T7389] __ext4_mark_inode_dirty+0x469/0x700 [ 259.439554][ T7389] ext4_evict_inode+0xa8d/0x1090 [ 259.444605][ T7389] ? _raw_spin_unlock+0x24/0x40 [ 259.449482][ T7389] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 259.455402][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 259.460627][ T7389] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 259.466539][ T7389] evict+0x4c9/0x8d0 [ 259.470476][ T7389] ? proc_nr_inodes+0x320/0x320 [ 259.475373][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 259.480594][ T7389] ? _raw_spin_unlock+0x24/0x40 [ 259.485468][ T7389] ? iput+0x706/0x8a0 [ 259.489481][ T7389] ext4_orphan_cleanup+0xad2/0x1320 [ 259.494706][ T7389] ? ext4_orphan_del+0xbf0/0xbf0 [ 259.499678][ T7389] ? errseq_check_and_advance+0x62/0x120 [ 259.505342][ T7389] ext4_fill_super+0x92c9/0x9a40 [ 259.510326][ T7389] ? ext4_mount+0x40/0x40 [ 259.514685][ T7389] ? set_blocksize+0x1f3/0x370 [ 259.519496][ T7389] ? sb_set_blocksize+0xa5/0xe0 [ 259.524412][ T7389] mount_bdev+0x287/0x3c0 [ 259.528788][ T7389] ? ext4_mount+0x40/0x40 [ 259.533159][ T7389] legacy_get_tree+0xe6/0x180 [ 259.537875][ T7389] ? ext4_errno_to_code+0x160/0x160 [ 259.543289][ T7389] vfs_get_tree+0x88/0x270 [ 259.547736][ T7389] do_new_mount+0x24a/0xa40 [ 259.552270][ T7389] __se_sys_mount+0x2e3/0x3d0 [ 259.557068][ T7389] ? __x64_sys_mount+0xc0/0xc0 [ 259.561860][ T7389] ? lockdep_hardirqs_on+0x94/0x140 [ 259.567196][ T7389] ? __x64_sys_mount+0x1c/0xc0 [ 259.571993][ T7389] do_syscall_64+0x4c/0xa0 [ 259.576477][ T7389] ? clear_bhb_loop+0x30/0x80 [ 259.581181][ T7389] ? clear_bhb_loop+0x30/0x80 [ 259.585886][ T7389] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 259.591823][ T7389] RIP: 0033:0x7fd39502af4a [ 259.596261][ T7389] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 259.615906][ T7389] RSP: 002b:00007fd393284e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 259.624376][ T7389] RAX: ffffffffffffffda RBX: 00007fd393284ee0 RCX: 00007fd39502af4a [ 259.632381][ T7389] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007fd393284ea0 [ 259.640377][ T7389] RBP: 0000200000000180 R08: 00007fd393284ee0 R09: 0000000000800718 [ 259.648374][ T7389] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 259.656374][ T7389] R13: 00007fd393284ea0 R14: 0000000000000497 R15: 00002000000003c0 [ 259.664386][ T7389] [ 260.072702][ T7389] ------------[ cut here ]------------ [ 260.078234][ T7389] EA inode 11 i_nlink=1026 [ 260.078500][ T7389] WARNING: CPU: 1 PID: 7389 at fs/ext4/xattr.c:1022 ext4_xattr_inode_update_ref+0x4bd/0x510 [ 260.100523][ T7389] Modules linked in: [ 260.105247][ T7389] CPU: 1 PID: 7389 Comm: syz.3.819 Not tainted syzkaller #0 [ 260.115690][ T7389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 260.126441][ T7389] RIP: 0010:ext4_xattr_inode_update_ref+0x4bd/0x510 [ 260.133143][ T7389] Code: 7c 24 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 64 ea a1 ff 49 8b 37 48 c7 c7 40 8d 3d 8a 89 da e8 53 0f 93 07 <0f> 0b 4c 8b 64 24 08 4c 8b 7c 24 10 e9 a9 fe ff ff e8 2d ff 9d 07 [ 260.153086][ T7389] RSP: 0018:ffffc90002eaf140 EFLAGS: 00010246 [ 260.159194][ T7389] RAX: 12d05b58d6e3b200 RBX: 0000000000000402 RCX: 0000000000080000 [ 260.173452][ T7389] RDX: ffffc9000cdb1000 RSI: 000000000007ffff RDI: 0000000000080000 [ 260.181615][ T7389] RBP: ffffc90002eaf230 R08: ffff8880b912795b R09: 1ffff11017224f2b [ 260.192914][ T7389] R10: dffffc0000000000 R11: ffffed1017224f2c R12: ffff8880602d3e70 [ 260.206073][ T7389] R13: 1ffff1100c05a80d R14: dffffc0000000000 R15: ffff8880602d3eb0 [ 260.215160][ T7389] FS: 00007fd3932856c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 260.226420][ T7389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 260.234659][ T7389] CR2: 00007f80d27ac286 CR3: 0000000022c4a000 CR4: 00000000003506e0 [ 260.244698][ T7389] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 260.253241][ T7389] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 260.261306][ T7389] Call Trace: [ 260.266609][ T7389] [ 260.269574][ T7389] ? ext4_xattr_block_csum+0x560/0x560 [ 260.278146][ T7389] ? ext4_xattr_inode_iget+0x3f0/0x600 [ 260.285696][ T7389] ? bit_wait+0xc0/0xc0 [ 260.289957][ T7389] ext4_xattr_set_entry+0xed9/0x3ea0 [ 260.295727][ T7389] ? __sync_dirty_buffer+0x32d/0x370 [ 260.301107][ T7389] ? __ext4_handle_dirty_metadata+0x39d/0x800 [ 260.309333][ T7389] ? ext4_xattr_block_set+0xda0/0x2d20 [ 260.315364][ T7389] ? ext4_xattr_ibody_set+0x330/0x330 [ 260.320783][ T7389] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 260.328570][ T7389] ? ext4_xattr_block_find+0x500/0x500 [ 260.335700][ T7389] ext4_xattr_ibody_set+0x112/0x330 [ 260.341040][ T7389] ext4_expand_extra_isize_ea+0xf8a/0x1990 [ 260.349020][ T7389] __ext4_expand_extra_isize+0x301/0x3e0 [ 260.356795][ T7389] __ext4_mark_inode_dirty+0x469/0x700 [ 260.364452][ T7389] ext4_evict_inode+0xa8d/0x1090 [ 260.369562][ T7389] ? _raw_spin_unlock+0x24/0x40 [ 260.374947][ T7389] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 260.380971][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 260.389923][ T7389] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 260.396422][ T7389] evict+0x4c9/0x8d0 [ 260.400427][ T7389] ? proc_nr_inodes+0x320/0x320 [ 260.407515][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 260.413246][ T7389] ? _raw_spin_unlock+0x24/0x40 [ 260.418217][ T7389] ? iput+0x706/0x8a0 [ 260.424354][ T7389] ext4_orphan_cleanup+0xad2/0x1320 [ 260.429702][ T7389] ? ext4_orphan_del+0xbf0/0xbf0 [ 260.436128][ T7389] ? errseq_check_and_advance+0x62/0x120 [ 260.441802][ T7389] ext4_fill_super+0x92c9/0x9a40 [ 260.447367][ T7389] ? ext4_mount+0x40/0x40 [ 260.451727][ T7389] ? set_blocksize+0x1f3/0x370 [ 260.458616][ T7389] ? sb_set_blocksize+0xa5/0xe0 [ 260.464048][ T7389] mount_bdev+0x287/0x3c0 [ 260.468423][ T7389] ? ext4_mount+0x40/0x40 [ 260.473040][ T7389] legacy_get_tree+0xe6/0x180 [ 260.477754][ T7389] ? ext4_errno_to_code+0x160/0x160 [ 260.483432][ T7389] vfs_get_tree+0x88/0x270 [ 260.487887][ T7389] do_new_mount+0x24a/0xa40 [ 260.492704][ T7389] __se_sys_mount+0x2e3/0x3d0 [ 260.497422][ T7389] ? __x64_sys_mount+0xc0/0xc0 [ 260.504831][ T7389] ? lockdep_hardirqs_on+0x94/0x140 [ 260.510214][ T7389] ? __x64_sys_mount+0x1c/0xc0 [ 260.515371][ T7389] do_syscall_64+0x4c/0xa0 [ 260.520005][ T7389] ? clear_bhb_loop+0x30/0x80 [ 260.527538][ T7389] ? clear_bhb_loop+0x30/0x80 [ 260.532484][ T7389] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 260.539795][ T7389] RIP: 0033:0x7fd39502af4a [ 260.546221][ T7389] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.567017][ T7389] RSP: 002b:00007fd393284e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 260.576222][ T7389] RAX: ffffffffffffffda RBX: 00007fd393284ee0 RCX: 00007fd39502af4a [ 260.586576][ T7389] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007fd393284ea0 [ 260.594957][ T7389] RBP: 0000200000000180 R08: 00007fd393284ee0 R09: 0000000000800718 [ 260.605663][ T7389] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 260.615231][ T7389] R13: 00007fd393284ea0 R14: 0000000000000497 R15: 00002000000003c0 [ 260.625807][ T7389] [ 260.629028][ T7389] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 260.636335][ T7389] CPU: 1 PID: 7389 Comm: syz.3.819 Not tainted syzkaller #0 [ 260.643644][ T7389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 260.653724][ T7389] Call Trace: [ 260.657041][ T7389] [ 260.660200][ T7389] dump_stack_lvl+0x188/0x250 [ 260.664933][ T7389] ? show_regs_print_info+0x20/0x20 [ 260.670173][ T7389] ? load_image+0x400/0x400 [ 260.674710][ T7389] panic+0x2e5/0x810 [ 260.678630][ T7389] ? bpf_jit_dump+0xd0/0xd0 [ 260.683168][ T7389] ? ext4_xattr_inode_update_ref+0x4bd/0x510 [ 260.689180][ T7389] __warn+0x248/0x2b0 [ 260.693184][ T7389] ? ext4_xattr_inode_update_ref+0x4bd/0x510 [ 260.699196][ T7389] report_bug+0x1b7/0x2e0 [ 260.703558][ T7389] handle_bug+0x3a/0x70 [ 260.707744][ T7389] exc_invalid_op+0x16/0x40 [ 260.712313][ T7389] asm_exc_invalid_op+0x16/0x20 [ 260.717202][ T7389] RIP: 0010:ext4_xattr_inode_update_ref+0x4bd/0x510 [ 260.723824][ T7389] Code: 7c 24 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 64 ea a1 ff 49 8b 37 48 c7 c7 40 8d 3d 8a 89 da e8 53 0f 93 07 <0f> 0b 4c 8b 64 24 08 4c 8b 7c 24 10 e9 a9 fe ff ff e8 2d ff 9d 07 [ 260.743451][ T7389] RSP: 0018:ffffc90002eaf140 EFLAGS: 00010246 [ 260.749559][ T7389] RAX: 12d05b58d6e3b200 RBX: 0000000000000402 RCX: 0000000000080000 [ 260.757560][ T7389] RDX: ffffc9000cdb1000 RSI: 000000000007ffff RDI: 0000000000080000 [ 260.765560][ T7389] RBP: ffffc90002eaf230 R08: ffff8880b912795b R09: 1ffff11017224f2b [ 260.773558][ T7389] R10: dffffc0000000000 R11: ffffed1017224f2c R12: ffff8880602d3e70 [ 260.781549][ T7389] R13: 1ffff1100c05a80d R14: dffffc0000000000 R15: ffff8880602d3eb0 [ 260.789560][ T7389] ? ext4_xattr_block_csum+0x560/0x560 [ 260.795061][ T7389] ? ext4_xattr_inode_iget+0x3f0/0x600 [ 260.800554][ T7389] ? bit_wait+0xc0/0xc0 [ 260.804741][ T7389] ext4_xattr_set_entry+0xed9/0x3ea0 [ 260.810060][ T7389] ? __sync_dirty_buffer+0x32d/0x370 [ 260.815376][ T7389] ? __ext4_handle_dirty_metadata+0x39d/0x800 [ 260.821470][ T7389] ? ext4_xattr_block_set+0xda0/0x2d20 [ 260.826954][ T7389] ? ext4_xattr_ibody_set+0x330/0x330 [ 260.832364][ T7389] ? __ext4_xattr_check_block+0x7d8/0x8d0 [ 260.838104][ T7389] ? ext4_xattr_block_find+0x500/0x500 [ 260.843587][ T7389] ext4_xattr_ibody_set+0x112/0x330 [ 260.848817][ T7389] ext4_expand_extra_isize_ea+0xf8a/0x1990 [ 260.854667][ T7389] __ext4_expand_extra_isize+0x301/0x3e0 [ 260.860340][ T7389] __ext4_mark_inode_dirty+0x469/0x700 [ 260.865826][ T7389] ext4_evict_inode+0xa8d/0x1090 [ 260.870797][ T7389] ? _raw_spin_unlock+0x24/0x40 [ 260.875675][ T7389] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 260.881598][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 260.886821][ T7389] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 260.892735][ T7389] evict+0x4c9/0x8d0 [ 260.896660][ T7389] ? proc_nr_inodes+0x320/0x320 [ 260.901533][ T7389] ? do_raw_spin_unlock+0x11d/0x230 [ 260.906764][ T7389] ? _raw_spin_unlock+0x24/0x40 [ 260.911641][ T7389] ? iput+0x706/0x8a0 [ 260.915654][ T7389] ext4_orphan_cleanup+0xad2/0x1320 [ 260.920885][ T7389] ? ext4_orphan_del+0xbf0/0xbf0 [ 260.925852][ T7389] ? errseq_check_and_advance+0x62/0x120 [ 260.931514][ T7389] ext4_fill_super+0x92c9/0x9a40 [ 260.936491][ T7389] ? ext4_mount+0x40/0x40 [ 260.940846][ T7389] ? set_blocksize+0x1f3/0x370 [ 260.945639][ T7389] ? sb_set_blocksize+0xa5/0xe0 [ 260.950515][ T7389] mount_bdev+0x287/0x3c0 [ 260.954866][ T7389] ? ext4_mount+0x40/0x40 [ 260.959221][ T7389] legacy_get_tree+0xe6/0x180 [ 260.963936][ T7389] ? ext4_errno_to_code+0x160/0x160 [ 260.969163][ T7389] vfs_get_tree+0x88/0x270 [ 260.973608][ T7389] do_new_mount+0x24a/0xa40 [ 260.978146][ T7389] __se_sys_mount+0x2e3/0x3d0 [ 260.982858][ T7389] ? __x64_sys_mount+0xc0/0xc0 [ 260.987650][ T7389] ? lockdep_hardirqs_on+0x94/0x140 [ 260.992900][ T7389] ? __x64_sys_mount+0x1c/0xc0 [ 260.997698][ T7389] do_syscall_64+0x4c/0xa0 [ 261.002139][ T7389] ? clear_bhb_loop+0x30/0x80 [ 261.006838][ T7389] ? clear_bhb_loop+0x30/0x80 [ 261.011543][ T7389] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 261.017466][ T7389] RIP: 0033:0x7fd39502af4a [ 261.021910][ T7389] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 261.041542][ T7389] RSP: 002b:00007fd393284e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 261.049996][ T7389] RAX: ffffffffffffffda RBX: 00007fd393284ee0 RCX: 00007fd39502af4a [ 261.058003][ T7389] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007fd393284ea0 [ 261.066006][ T7389] RBP: 0000200000000180 R08: 00007fd393284ee0 R09: 0000000000800718 [ 261.074000][ T7389] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 261.082005][ T7389] R13: 00007fd393284ea0 R14: 0000000000000497 R15: 00002000000003c0 [ 261.090002][ T7389] [ 261.093431][ T7389] Kernel Offset: disabled [ 261.097783][ T7389] Rebooting in 86400 seconds..